saleor-security
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as an educational and procedural guide for implementing security best practices in Saleor environments, including JWT lifecycle management and permission models.
- [EXTERNAL_DOWNLOADS]: The instructions direct the agent to fetch documentation from the official Saleor domain (docs.saleor.io). This is a standard practice for retrieving up-to-date configuration details from an official vendor source.
- [PROMPT_INJECTION]: The skill instructs the agent to ingest external content from Saleor's documentation, creating a surface for potential indirect prompt injection.
- Ingestion points: The skill utilizes WebSearch and WebFetch in SKILL.md to retrieve live documentation.
- Boundary markers: No explicit delimiters or instructions are provided to the agent to treat external content as untrusted data.
- Capability inventory: The agent has access to high-privilege tools including Bash, Write, and Edit.
- Sanitization: No verification or sanitization steps are defined for the fetched documentation content.
- Context: The risk is mitigated by the fact that the ingestion is restricted to the official vendor documentation for the platform being secured, which is necessary for the skill's primary function.
Audit Metadata