saleor-paper-storefront

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs agents to fetch and inspect public third‑party code (e.g., "cd /tmp && git clone --depth 1 https://github.com/saleor/saleor.git saleor-core" in AGENTS.md and references/saleor-key-directories.md), which is untrusted public content the agent is expected to read and use to drive investigation and decisions, so it can enable indirect prompt injection.