spree-headless-storefront
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to clone the Spree storefront repository from
https://github.com/spree/storefront. This is an official repository from a well-known organization in the e-commerce ecosystem. - [COMMAND_EXECUTION]: Provides instructions to execute shell commands for project initialization and development, including
git clone,npm install, andnpm run dev. These are standard operations for the skill's intended use case of setting up a local development environment. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by directing the agent to fetch and process live documentation and README files from external domains such as
github.comandspreecommerce.org. - Ingestion points: External documentation URLs and the README file of the cloned repository.
- Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish between its system prompt and the content of the fetched external files.
- Capability inventory: The skill utilizes powerful tools including
Bash,Write,Edit, andWebFetch. - Sanitization: The skill does not specify any sanitization, validation, or filtering of the content retrieved from external sources before it is processed by the agent.
Audit Metadata