storefront-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required "Backend SDK Method Verification Workflow" in SKILL.md explicitly instructs the agent to query external documentation or an MCP server (e.g., docs.medusajs.com/mcp or other official docs) and to read/verify those public web pages before writing code, meaning the agent ingests and acts on open/public third‑party content that can change its subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill mandates querying the Medusa MCP/documentation at runtime (https://docs.medusajs.com/mcp) to verify SDK method names and signatures before writing code, so fetched remote documentation would directly determine the agent's generated code/instructions and is a required dependency.