spree-shipping-fulfillment

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security issues or malicious behaviors were detected. The skill instructions and code snippets are appropriate for configuring shipping and fulfillment in a Spree Commerce environment.
  • [EXTERNAL_DOWNLOADS]: The skill fetches developer documentation from the official Spree Commerce website (spreecommerce.org), which is an established and trusted resource for the intended functionality.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from an external documentation site (Ingestion point: SKILL.md via WebFetch of spreecommerce.org). No explicit boundary markers or sanitization logic is provided to isolate external content (Sanitization/Boundaries: Absent). The agent is equipped with capabilities including 'Bash', 'Write', and 'Edit' tools. While this represents a theoretical surface for indirect prompt injection, the risk is negligible given the source is the official documentation repository.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 02:51 PM
Security Audit — agent-trust-hub — spree-shipping-fulfillment