shopify-automation
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill requires registering an external MCP server at 'https://rube.app/mcp'. This domain is not on the trusted organization list, and while it is a configuration step, it introduces an unverified external dependency for tool execution.
- PROMPT_INJECTION (LOW): Surface for Indirect Prompt Injection (Category 8) due to the processing of untrusted data from the Shopify API.
- Ingestion points: Data enters through 'SHOPIFY_GET_PRODUCTS', 'SHOPIFY_GET_ORDERS_WITH_FILTERS', and 'SHOPIFY_GET_ALL_CUSTOMERS'.
- Boundary markers: Absent. There are no instructions to use delimiters or ignore embedded instructions in store data.
- Capability inventory: The skill possesses extensive store modification capabilities and supports arbitrary GraphQL queries via 'SHOPIFY_GRAPH_QL_QUERY'.
- Sanitization: Absent. There is no logic provided to sanitize or validate store-retrieved strings before they are processed by the LLM.
Audit Metadata