saleor-storefront
Warn
Audited by Snyk on Jun 29, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The required workflow instructs fetching live public documentation from
https://docs.saleor.io/...and web-searchingdocs.saleor.io/github.comat runtime; those fetched pages are outsider-authored free text that can be ingested into the agent’s LLM context.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs the agent at runtime to fetch and use the live documentation at https://docs.saleor.io/docs/developer/storefront to guide implementation, meaning external content would directly control agent prompts/instructions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly about a storefront checkout flow and lists specific GraphQL mutations used to perform checkout and payment operations (e.g., checkoutCreate, checkoutLinesAdd, checkoutEmailUpdate, checkoutShippingAddressUpdate, transactionInitialize, checkoutComplete). The mention of "transactionInitialize or gateway-specific" indicates integration points with payment gateways. These are specific payment APIs/operations (not generic browser or HTTP tools), so the skill provides direct financial execution capability.
Issues (3)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata