saleor-customers

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as a legitimate technical reference for the Saleor e-commerce platform's user management system. It details GraphQL schemas, authentication flows using JWT, and permission structures without any malicious intent or hidden code.
  • [EXTERNAL_DOWNLOADS]: The skill instructions direct the agent to fetch updated documentation from the official Saleor documentation site (docs.saleor.io). As Saleor is a well-known technology service, retrieving its documentation is considered a safe and standard practice for development-oriented agents.
  • [PROMPT_INJECTION]: The skill uses WebFetch and WebSearch to ingest documentation from external sources into the agent's context, creating a surface for indirect prompt injection.
  • Ingestion points: External documentation fetched from docs.saleor.io as specified in SKILL.md.
  • Boundary markers: The skill does not explicitly define delimiters to isolate external content from its own instructions.
  • Capability inventory: The agent is permitted to use Bash, Write, and Edit tools, which could be targeted by instructions hidden in external data.
  • Sanitization: There are no instructions provided for sanitizing or validating the content retrieved from the web.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 02:51 PM
Security Audit — agent-trust-hub — saleor-customers