saleor-app

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly requires fetching and using third-party data — e.g., fetching JWKS from the Saleor instance during registration (protocol-auth.md) and receiving/processing webhook payloads from Saleor and external services like Stripe (webhook-async.md, webhook-external.md) — which are untrusted external inputs the agent must read/interpret and that can change behavior (verification, routing, processing).