korean-jangbu-for

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's install script (korean-jangbu-for/scripts/install.sh) explicitly clones and checks out the upstream public GitHub repo https://github.com/kimlawtech/korean-jangbu-for into runtime paths and registers/uses the upstream /jangbu-* subskills, so untrusted third‑party repo content is ingested and can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The installer script (scripts/install.sh) clones and checks out the upstream repository at runtime (https://github.com/kimlawtech/korean-jangbu-for.git), then installs upstream skills and references/executes upstream scripts, so remote content fetched from that URL can directly control agent prompts/workflow and execute code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly includes integration with CODEF (a financial-data/banking aggregator) and a dedicated subskill "/jangbu-connect" for setting CODEF API credentials (BYOK) to enable 홈택스·은행·카드 자동 수집. This is a specific banking API integration (analogous to Plaid/Teller) for automated access to financial accounts/data, which meets the "Banking APIs" criterion in the core rule. While the rest of the skill is bookkeeping/reporting and it does not mention payments, trading, or crypto operations, the explicit CODEF banking integration is sufficient to flag direct financial execution authority risk.