storefront-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly instructs the agent to fetch and render dynamic, user-provided content from ecommerce backends—e.g., fetching categories and product data from the backend (navbar.md, megamenu.md, connecting-to-backend.md) and displaying customer-written product reviews (reference/components/product-reviews.md)—which are untrusted, third‑party/user-generated sources the agent is expected to read and interpret as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill mandates that the agent "QUERY the documentation or MCP server" at runtime (specifically referencing the Medusa MCP/docs URL https://docs.medusajs.com/mcp), meaning fetched documentation is required at runtime to determine SDK method names/signatures and thus directly controls the agent's instructions.