api-graphql

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill queries and ingests store content from Shopify (e.g., Storefront API product descriptions/images/altText, metafields, and Admin API/webhook payloads) which can contain merchant- or user-provided untrusted text that the agent would read and act on.