shopify-admin-draft-order-cleanup
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill performs administrative tasks using official toolkits and includes appropriate safety mechanisms such as a dry-run mode and permanent deletion warnings.
- [DATA_EXFILTRATION]: The skill accesses customer names and email addresses from the Shopify API to generate local administrative reports. This activity is restricted to well-known service endpoints and intended for internal use.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Ingestion points: GraphQL query results for draft order 'note' and 'customer.displayName' in SKILL.md. Boundary markers: Absent. Capability inventory: 'draftOrderDelete' mutation in SKILL.md. Sanitization: Absent.
Audit Metadata