shopify-agent-discount
Fail
Audited by Snyk on Apr 18, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 1.00). Most links are documentation or official services, but the instruction to run a remote shell script (curl https://astral.sh/uv/install.sh | sh) is a high-risk pattern for malware distribution, so the set should be treated as suspicious.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The get-coupon.py script posts the product URL to the public World API endpoint https://discount-app.worldcoin.org/api/verify and prints the returned discount code, and the SKILL.md explicitly instructs the agent to use that returned value before completing checkout, so untrusted third-party API content directly influences agent actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly provisions and uses a crypto wallet key (instructions to generate a private key with eth-account, store it in .agent-key, show the wallet address) and instructs running a script that uses the private key to sign a SIWE (Sign-In with Ethereum) message sent to an external API. That is explicit use of blockchain wallet/signing capabilities. Even though the described use is for authentication/discount lookup (not sending on-chain payments), the skill includes wallet creation and cryptographic signing functionality which matches the "Crypto/Blockchain (Wallets, Swaps, Signing)" criterion for Direct Financial Execution.
Issues (3)
E005
CRITICAL: Suspicious download URL detected in skill instructions.
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W009
MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata