saleor-shipping
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill retrieves technical documentation and configuration patterns from the official Saleor documentation website (docs.saleor.io), which is a well-known service.
- [PROMPT_INJECTION]: The skill incorporates an attack surface for indirect prompt injection by ingesting external data from web searches and documentation fetches.
- Ingestion points: External content is fetched from
docs.saleor.ioand web search results (SKILL.md). - Boundary markers: Absent; there are no instructions to the agent to treat external content as untrusted or to use specific delimiters.
- Capability inventory: The skill is allowed to use
Bash,Write, andEdittools (SKILL.md). - Sanitization: No input validation or sanitization is performed on the retrieved external content.
- Note: Because the identified ingestion sources are official and well-known service providers, this risk surface is considered safe for the intended use case.
Audit Metadata