shopify-automation
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes data from Shopify that could be controlled by external users.
- Ingestion points: Data retrieved through tools like SHOPIFY_GET_ALL_CUSTOMERS, SHOPIFY_GET_ORDERS_WITH_FILTERS, and SHOPIFY_GET_PRODUCTS.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present.
- Capability inventory: The skill includes modification capabilities such as SHOPIFY_BULK_CREATE_PRODUCTS, SHOPIFY_CREATE_SMART_COLLECTIONS, and SHOPIFY_GRAPH_QL_QUERY.
- Sanitization: No input validation or sanitization is specified for ingested data.
- [EXTERNAL_DOWNLOADS]: The skill requires connecting to an external MCP server at https://rube.app/mcp to provide automation tools. This domain is not recognized as a trusted organization or well-known service in the authoritative list.
Audit Metadata