saleor-security

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "Before writing code" section explicitly instructs the agent to web-search public Saleor docs and to fetch the live page at https://docs.saleor.io/docs/developer/app-store/apps/overview, meaning the agent will fetch and interpret open/public third‑party content as part of its workflow and those external pages could influence subsequent actions.