shopify-automation
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the configuration of a remote MCP server at
https://rube.app/mcp. This endpoint acts as the execution environment for all Shopify tools, meaning tool definitions and execution logic are loaded from an external, non-whitelisted domain. - [DATA_EXFILTRATION]: The skill is designed to handle sensitive Shopify data, including customer records (names, emails, spending habits), order details, and inventory. This information is transmitted to and processed by the external Rube MCP infrastructure, creating a significant data exposure surface for business and personal information.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.
- Ingestion points: Untrusted data enters the context through
SHOPIFY_GET_ALL_CUSTOMERS,SHOPIFY_GET_PRODUCTS, andSHOPIFY_GET_ORDERS_WITH_FILTERS(e.g., customer names, product descriptions, or order notes created by external users). - Boundary markers: No delimiters or instructions to ignore embedded commands are present in the workflows.
- Capability inventory: The skill has the capability to perform network operations via the Shopify API and modify store configurations.
- Sanitization: There is no mention of sanitizing external content before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill explicitly allows for the execution of arbitrary GraphQL queries via
SHOPIFY_GRAPH_QL_QUERY. This provides a high degree of control over the Shopify store environment, which could be exploited if the agent is influenced by malicious input.
Audit Metadata