saleor-configurator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests remote store state from a user-supplied Saleor GraphQL endpoint (see SKILL.md and rules/cli-commands.md: introspect and the deploy pipeline's "Fetch current remote state" in rules/deploy-pipeline.md), so arbitrary third-party/untrusted content from those endpoints is read and used to drive diffs and deployment decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill invokes remote code at runtime via "pnpm dlx @saleor/configurator" (which fetches and executes the @saleor/configurator package) and the README points to the repository https://github.com/saleor/saleor-configurator, so the skill depends on external code that is downloaded and run (including an interactive "start" wizard that controls prompts).