shopify-admin-duplicate-sku-barcode-detector

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Workflow Step 1 and GraphQL Operations explicitly fetch productVariants from a user-specified Shopify store (product/variant titles, SKUs, barcodes) — untrusted, user-generated third-party content — and the agent must read and act on those values to build reports and drive follow-up decisions, enabling indirect prompt-injection via malicious product text.