shopify-admin-order-lookup-and-summary

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface in the way it handles search parameters.
      * Ingestion points: Untrusted input is accepted via the lookup_value parameter in the SKILL.md definition.
      * Boundary markers: There are no explicit delimiters (e.g., XML-like tags) or instructions provided to the agent to isolate the user input from the rest of the logic.
      * Capability inventory: The skill uses the orders:query capability via the shopify-admin toolkit to retrieve sensitive customer personally identifiable information (PII), including addresses and contact details.
      * Sanitization: No validation or sanitization is performed on the lookup value before it is interpolated into the GraphQL query.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 12, 2026, 08:01 AM