spree-shipping-fulfillment
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues or malicious behaviors were detected. The skill instructions and code snippets are appropriate for configuring shipping and fulfillment in a Spree Commerce environment.
- [EXTERNAL_DOWNLOADS]: The skill fetches developer documentation from the official Spree Commerce website (spreecommerce.org), which is an established and trusted resource for the intended functionality.
- [PROMPT_INJECTION]: The skill ingests untrusted data from an external documentation site (Ingestion point: SKILL.md via WebFetch of spreecommerce.org). No explicit boundary markers or sanitization logic is provided to isolate external content (Sanitization/Boundaries: Absent). The agent is equipped with capabilities including 'Bash', 'Write', and 'Edit' tools. While this represents a theoretical surface for indirect prompt injection, the risk is negligible given the source is the official documentation repository.
Audit Metadata