delivery-tracking

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to fetch and parse live content from public carrier pages (e.g., https://www.cjlogistics.com/ko/tool/parcel/tracking and https://service.epost.go.kr/trace.RetrieveDomRigiTraceList.comm), ingesting untrusted third-party HTML/JSON as part of its runtime parsing workflow that directly determines status and next outputs.