spree-catalog
Warn
Audited by Snyk on Jun 29, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). High: the REQUIRED workflow explicitly fetches live public web documentation pages at runtime (e.g.,
https://spreecommerce.org/docs/...) and also performs web-search, whose returned page text/snippets can be ingested into the agent’s LLM context, enabling outsider-authored free text prompt injection.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs fetching live documentation at runtime from https://spreecommerce.org/docs/developer/core-concepts/architecture, which would inject external doc content into the agent's context and thereby directly influence its prompts/behavior.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata