saleor-channels
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill's content is consistent with its stated purpose of providing technical guidance for the Saleor e-commerce platform.
- [PROMPT_INJECTION]: Indirect prompt injection surface identified via external data ingestion. 1. Ingestion points: The skill instructs the agent to fetch live documentation from https://docs.saleor.io/docs/developer/channels and perform web searches on docs.saleor.io. 2. Boundary markers: The instructions do not specify markers to delimit the retrieved content or warn the agent about potential instructions within the documentation. 3. Capability inventory: The agent environment includes tools such as Bash, Write, Edit, and WebFetch as seen in the allowed-tools metadata. 4. Sanitization: There are no instructions for sanitizing or validating the content retrieved from the external documentation source. Note: This finding refers to the inherent surface of documentation-focused skills and does not indicate malicious intent.
Audit Metadata