The Agent Skills Directory

[SAFE]: The skill performs legitimate administrative actions using the Shopify Admin GraphQL API. The requested scopes (read_orders, write_fulfillments) are appropriate for the described task.
[COMMAND_EXECUTION]: The skill references the official shopify CLI for authentication (shopify store auth). This is a standard and recommended practice for interacting with Shopify stores programmatically.
[DATA_EXPOSURE]: The skill processes order and fulfillment data, including tracking numbers and URLs. This data is handled within the context of the authenticated Shopify session and used specifically for the mutation parameters.
[PROMPT_INJECTION] (Indirect): The skill ingests data via the updates array, which could potentially originate from untrusted external sources like a 3PL provider's CSV. However, the skill provides a dry_run parameter to allow users to verify changes before execution, and the Shopify API enforces its own schema validation on the input data.

shopify-admin-tracking-update-bulk