shopfleet-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to run CLI read commands against configured Shopify stores and notes the CLI "talks to Shopify Admin GraphQL" (SKILL.md and references/cli-contract.md), meaning the agent will ingest external store data from third-party Shopify sites which can influence subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is a CLI for managing Shopify stores via the Shopify Admin GraphQL API and explicitly exposes write commands that perform financial-impacting actions: e.g., refund, gift card create, order cancel (with force), and other mutating operations (fulfillment, discounts). It uses authenticated Shopify Admin API credentials (clientId/clientSecret or accessToken) to execute these mutations against live stores. These are not generic utilities — they are specific store-management operations that can move money or change financial state. Therefore this skill grants direct financial execution capability.