shopify-admin-order-notes-and-attributes-report

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow and GraphQL query explicitly fetch order "note" and "customAttributes" from a Shopify store (see Workflow Steps and the GraphQL Operations in SKILL.md), and those are customer-provided, untrusted texts that the agent reads, filters on, and includes verbatim in its reported output (Session Tracking requires emitting the Note text), so they could carry embedded instructions that influence the agent's behavior.