mycarrierpackets-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly calls MyCarrierPackets endpoints (e.g., https://api.mycarrierpackets.com/api/v1/Carrier/GetCarrierData, /GetDocument, /CompletedPackets, /CarriersChanges) to fetch carrier profiles, uploaded documents (COI/W9/eAgreements) and risk assessments — all third‑party/user‑submitted content that the agent decodes and uses to drive invitations, monitoring, blocking, and other decisions, which meets the criteria for indirect prompt injection risk.