opendata-api

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly shows and instructs using raw API keys in Authorization headers (curl -H "Authorization: Bearer od_live_...") and requires authenticated requests, which encourages the agent to request/insert secret values verbatim into generated commands, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly queries public datasets and metadata (e.g., GET /v1/datasets/{provider}/{dataset}, GET /v1/discover which returns sample_rows, descriptions and canonical_questions, and ?include_sources=true exposing _source_url) and instructs the agent to read and act on those results (discover → use path to fetch data, compose/preview → perform joins, download composed CSV), so untrusted third‑party content can directly influence subsequent tool use and decisions.