spree-multi-store
Warn
Audited by Snyk on Jun 29, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.95). The skill’s required workflow is to fetch and inspect Spree documentation and source code from public URLs at runtime (“Fetch live docs” step), which is outsider-authored free text that will be ingested into the agent’s LLM context.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs fetching live documentation URLs at runtime (e.g., https://spreecommerce.org/docs/use-case/multi-store/model, https://spreecommerce.org/docs/use-case/marketplace/model, https://spreecommerce.org/docs/use-case/multi-tenant/multi-tenant-model, and https://spreecommerce.org/announcing-spree-commerce-5-4/) and to inspect Spree model source, which would be fetched and used to directly guide the agent's code-generation/instructions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The documentation explicitly references payment gateways and payout integrations: it lists specific payment methods (Stripe, PayPal), describes vendor payouts via Stripe Connect (Express/Standard), marketplace payment "fan-out" to vendor accounts, and a payout scheduler. These are concrete, payments-related integration points (Stripe/Stripe Connect and PayPal), which are specific tools/APIs for moving money rather than generic tooling.
Issues (3)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata