shopify-admin-inventory-valuation-report
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses GraphQL queries to fetch data and performs no mutations or system-level commands.
- [SAFE]: No external dependencies, obfuscated code, or remote scripts are used.
- [PROMPT_INJECTION]: The skill processes untrusted data (product titles, vendor names) from the Shopify API, which constitutes an indirect prompt injection surface. 1. Ingestion points: GraphQL results for productVariants and inventoryItems in SKILL.md. 2. Boundary markers: Not present in instructions. 3. Capability inventory: Restricted to GraphQL data retrieval and CSV output formatting; no shell execution or external network access. 4. Sanitization: Not specified. This surface is considered safe because the skill lacks dangerous tools to exploit retrieved data.
Audit Metadata