saleor-checkout
Warn
Audited by Snyk on Jun 29, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The required workflow includes “Fetch live docs” via web-search and fetching Saleor documentation pages (e.g.,
https://docs.saleor.io/docs/developer/checkoutand otherdocs.saleor.ioURLs), which are outsider-authored free text that the agent would ingest into its LLM context at runtime.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs the agent at runtime to fetch and review live Saleor documentation (https://docs.saleor.io/docs/developer/checkout and https://docs.saleor.io/docs/developer/payments), which would directly inform and control the agent's implementation instructions and is treated as a required external dependency.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly includes payment-related mutations and transaction flow for charging customers: transactionInitialize (with amount, paymentGateway, idempotencyKey), transactionProcess (for 3DS/redirects), and checkoutComplete. It references payment Apps/gateways (e.g., returning client secret for Stripe) and idempotent charge creation — i.e., specific APIs to initiate and complete monetary transactions. This is direct financial execution capability.
Issues (3)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata