ktx-booking

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Workflow (step 2 "Search first via the helper") and scripts/ktx_booking.py call the korail2 helper against Korail's public web/API endpoints to fetch live search results (train_id, schedules, reservation data), which the agent must read and act on (choose train_id, reserve/cancel), so it ingests untrusted third‑party web content that can materially influence subsequent actions.