datagouv-apis
Warn
Audited by Snyk on May 3, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and interpret external dataservice documentation and endpoints (e.g., "GET /dataservices/{id}/" to obtain machine_documentation_url and base_api_url, fetch the OpenAPI spec, then call the upstream API) and to load resource URLs/Tabular data (public dataset resources), which are public third‑party or user‑provided content the agent must read and act on — enabling external content to change behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent to fetch external OpenAPI specs at runtime (e.g., the Main API Swagger https://www.data.gouv.fr/api/1/swagger.json and per-dataservice "machine_documentation_url") and to treat those specs as authoritative for constructing calls, meaning fetched content directly controls the agent's request/conversation behavior.
Issues (2)
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).