spree-deployment
Warn
Audited by Snyk on Jun 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). Outsider free text is fetched at runtime from public web pages (e.g.,
https://spreecommerce.org/docs/...and other platform guides) and then ingested into the agent’s LLM context as “live docs” content.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs fetching external documentation at runtime—"Fetch https://spreecommerce.org/docs/developer/deployment/database"—which would pull remote content into the agent's decision context and therefore can directly control prompts/instructions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The doc explicitly references payment gateway integrations and credentials (environment variables named STRIPE_, ADYEN_, PAYPAL_*, and NEXT_PUBLIC_SPREE_PUBLISHABLE_KEY). Those are specific payment gateway configurations (Stripe/Adyen/PayPal) which enable processing/handling payments — i.e., direct financial execution capability. This is not generic tooling (browser automation or generic HTTP); it explicitly exposes payment gateway APIs/keys used to move money.
Issues (3)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata