shopify-store-skills

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill's interactive setup guide (site/src/pages/index.astro) contains a pre-defined prompt that instructs the AI agent to adopt a specific persona ("Act as a concierge") and explicitly suppresses standard command output ("DO NOT paste raw command output", "run these silently"). These are behavior-override and output-concealment patterns used for UX optimization.
  • [PROMPT_INJECTION]: Multiple skills ingest untrusted data from Shopify (e.g., skills/order-intelligence/shopify-admin-order-notes-and-attributes-report/SKILL.md).
      • Ingestion points: Data enters the agent context through the GraphQL orders and returns queries fetching note, customAttributes, and returnReasonNote fields.
      • Boundary markers: None implemented in the instructions.
      • Capability inventory: The skill performs read-only operations and CSV generation (e.g., in skills/order-intelligence/shopify-admin-order-notes-and-attributes-report/SKILL.md), but lacks sanitization.
      • Sanitization: External content is interpolated directly into the context without escaping or validation, presenting a surface for indirect prompt injection.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 13, 2026, 06:49 PM