saleor-catalog
Warn
Audited by Snyk on Jun 29, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The required workflow explicitly performs runtime web-searches and fetches Saleor documentation pages (e.g., “Web-search site:docs.saleor.io …” and “Fetch https://docs.saleor.io/docs/developer/products”), which are outsider-authored public web content that can be ingested as readable text into the agent’s LLM context.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The skill explicitly instructs fetching external Saleor docs at runtime (https://docs.saleor.io/docs/developer/products and https://docs.saleor.io/docs/developer/channels) and using their content to guide implementation, so the fetched pages would directly influence agent prompts/behavior.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata