saleor-customers
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a legitimate technical reference for the Saleor e-commerce platform's user management system. It details GraphQL schemas, authentication flows using JWT, and permission structures without any malicious intent or hidden code.
- [EXTERNAL_DOWNLOADS]: The skill instructions direct the agent to fetch updated documentation from the official Saleor documentation site (docs.saleor.io). As Saleor is a well-known technology service, retrieving its documentation is considered a safe and standard practice for development-oriented agents.
- [PROMPT_INJECTION]: The skill uses WebFetch and WebSearch to ingest documentation from external sources into the agent's context, creating a surface for indirect prompt injection.
- Ingestion points: External documentation fetched from docs.saleor.io as specified in SKILL.md.
- Boundary markers: The skill does not explicitly define delimiters to isolate external content from its own instructions.
- Capability inventory: The agent is permitted to use Bash, Write, and Edit tools, which could be targeted by instructions hidden in external data.
- Sanitization: There are no instructions provided for sanitizing or validating the content retrieved from the web.
Audit Metadata