logistics-tracking

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly says the skill queries third-party sites (the official api.17track.net when using a key and, without a key, "uses Playwright (headless Chromium) to query t.17track.net"), so the agent fetches and interprets open/public site data as part of its workflow, which can materially influence responses.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs running "npx -y @shopmeagent/logistics-tracking-mcp" (and variants like "npx -y @shopmeagent/logistics-tracking-mcp serve" / "npx skills add shopmeskills/mcp"), which causes the npm registry (e.g. https://registry.npmjs.org/@shopmeagent/logistics-tracking-mcp) to be contacted at runtime to fetch and execute remote package code that the skill relies on.