parcel-tracking

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 1.00). The prompt explicitly instructs the agent to hide failed scraping attempts from users ("Don't mention failed scrapes to the user"), which is a deceptive behavior that changes how results are presented and is outside the skill's stated transparent tracking purpose.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (Step 3 and Step 1) instructs the agent to fetch/scrape public carrier tracking pages (e.g., auspost.com.au, dhl.com, track.sendle.com) and to read Gmail dispatch emails to extract live status, and that third‑party content is ingested and used to determine status and next actions, which could enable indirect prompt injection.