saleor-shipping

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill retrieves technical documentation and configuration patterns from the official Saleor documentation website (docs.saleor.io), which is a well-known service.
  • [PROMPT_INJECTION]: The skill incorporates an attack surface for indirect prompt injection by ingesting external data from web searches and documentation fetches.
  • Ingestion points: External content is fetched from docs.saleor.io and web search results (SKILL.md).
  • Boundary markers: Absent; there are no instructions to the agent to treat external content as untrusted or to use specific delimiters.
  • Capability inventory: The skill is allowed to use Bash, Write, and Edit tools (SKILL.md).
  • Sanitization: No input validation or sanitization is performed on the retrieved external content.
  • Note: Because the identified ingestion sources are official and well-known service providers, this risk surface is considered safe for the intended use case.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 02:51 PM
Security Audit — agent-trust-hub — saleor-shipping