saleor-promotions

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill explicitly instructs fetching and reviewing live Saleor docs at runtime (https://docs.saleor.io/docs/developer/discounts and https://docs.saleor.io/docs/developer/gift-cards), which would be injected into the agent’s context and directly influence its prompts/instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly exposes ecommerce financial operations: creating and managing gift cards (giftCardCreate, giftCardUpdate which can modify balances, giftCardDeactivate/Activate, giftCardBulkCreate) and voucher/manual order-discount mutations (voucherCreate/voucherUpdate, orderDiscountAdd/orderDiscountUpdate). Gift cards are both a product and a payment method and the mutations allow changing balances and activation state — actions that directly affect stored-value/payment instruments. These are specific, non-generic financial operations (not just a generic HTTP or browser tool), so the skill grants direct financial execution capability.