shopify-hydrogen
Warn
Audited by Snyk on Mar 31, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The SKILL.md "Before writing code" explicitly instructs the agent to fetch live docs from https://shopify.dev/docs/storefronts/headless/hydrogen and to web-search GitHub (site:github.com) for Hydrogen source/examples—public third-party sites whose content the agent is expected to read and use to determine API fields, caching, and implementation decisions, exposing it to untrusted user-generated content that could influence actions.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata