spree-headless-storefront

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to clone the Spree storefront repository from https://github.com/spree/storefront. This is an official repository from a well-known organization in the e-commerce ecosystem.
  • [COMMAND_EXECUTION]: Provides instructions to execute shell commands for project initialization and development, including git clone, npm install, and npm run dev. These are standard operations for the skill's intended use case of setting up a local development environment.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by directing the agent to fetch and process live documentation and README files from external domains such as github.com and spreecommerce.org.
  • Ingestion points: External documentation URLs and the README file of the cloned repository.
  • Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish between its system prompt and the content of the fetched external files.
  • Capability inventory: The skill utilizes powerful tools including Bash, Write, Edit, and WebFetch.
  • Sanitization: The skill does not specify any sanitization, validation, or filtering of the content retrieved from external sources before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 09:56 AM
Security Audit — agent-trust-hub — spree-headless-storefront