saleor-promotions
Warn
Audited by Snyk on Jun 29, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The required workflow explicitly performs runtime web searches and fetches public Saleor documentation pages (e.g., “Web-search site:docs.saleor.io …” and “Fetch https://docs.saleor.io/docs/developer/discounts”), whose page text is outsider-authored free-form content that can be ingested into the agent’s LLM context.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The skill explicitly instructs the agent at runtime to fetch and review external Saleor documentation (https://docs.saleor.io/docs/developer/discounts and https://docs.saleor.io/docs/developer/gift-cards), which would directly influence the agent's instructions and is required before implementation.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill documents explicit Saleor GraphQL mutations that create and modify monetary instruments and alter order/payment amounts: e.g., voucherCreate/voucherUpdate, promotionCreate/promotionRuleCreate, orderDiscountAdd/orderDiscountUpdate/orderDiscountDelete (staff-applied discounts), and especially gift card mutations (giftCardCreate, giftCardUpdate — modify balance, activate/deactivate, giftCardBulkCreate, giftCardResend). These are specific, purpose-built e-commerce operations that issue or change store credit, apply discounts at checkout, and directly change order totals or gift-card balances. They are not generic tooling (browser automation or generic HTTP callers) but concrete financial-operation APIs, so the skill grants direct financial execution authority.
Issues (3)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata