coupang-shopping

Fail

Audited by Snyk on Mar 14, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). High risk: the skill explicitly instructs collecting and storing Coupang credentials and payment PINs in predictable local files, automates unattended background orders (including the confirmation-less "order-now"), includes explicit WAF-evasion guidance (use Firefox because it is "advantageous for bypassing the Akamai WAF"), and depends on running/installing an external npm package (coupang-cli), which creates a supply-chain/typosquat risk. Together these patterns enable credential theft, unauthorized purchases, and covert abuse, even though no explicit exfiltration code is shown.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md requires running npx coupang-cli commands (e.g., search, order-now, navigate) that fetch and parse live content from public Coupang/Naver pages and CLI output, so untrusted third-party page content is read and used to drive decisions and ordering in the required workflow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly automates placing purchases and performing payments on Coupang via a specific CLI tool (coupang-cli). It requires storing user credentials and a payment PIN, instructs running npx coupang-cli order-now "상품명" -p card (an immediate, confirmation-less checkout), and includes a detailed keypad-reading/PIN-entry procedure so the agent can complete payments. These are explicit transaction-sending capabilities (automated order + payment), not generic browsing or API calling, so the skill grants direct financial execution authority.

Issues (3)

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Mar 14, 2026, 06:21 PM
Issues
3