customer-note-bulk-annotator
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements standard business logic for Shopify store management using official GraphQL API operations.
- [COMMAND_EXECUTION]: The skill utilizes platform-native Shopify tools (shopify-admin) to perform its tasks. It does not execute arbitrary or suspicious shell commands.
- [DATA_EXPOSURE]: The skill accesses customer data (emails, notes), which is necessary for its stated purpose. The data is handled within the local environment and saved to a local CSV file for administrative review.
- [INDIRECT_PROMPT_INJECTION]:
  - Ingestion points: The skill retrieves existing customer notes and names from the Shopify API via the customers query in SKILL.md.
  - Boundary markers: No specific delimiters are defined to separate untrusted customer data from the agent's internal logic.
  - Capability inventory: The skill has the capability to write back to the Shopify API using the customerUpdate mutation and write to the local file system (CSV generation).
  - Sanitization: There is no explicit sanitization or filtering of the content retrieved from Shopify before it is re-processed into new notes or log files.
Audit Metadata