spree-upgrades
Warn
Audited by Snyk on Jun 29, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). SKILL.md instructs the runtime workflow to “Fetch live docs” from public URLs (e.g., https://spreecommerce.org/docs/... and GitHub release pages), which are outsider-authored free text that would be ingested into the agent’s LLM context.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs the agent to fetch and follow external documentation at runtime (e.g., https://spreecommerce.org/docs/developer/upgrades/quickstart and https://github.com/spree/spree/releases), so those remote pages would directly control the agent's instructions/behavior.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata