shopify-development
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8) due to its interaction with external Shopify merchant data.
  - Ingestion points: Processes data from Shopify GraphQL Admin API queries (Products, Orders) and incoming webhooks.
  - Boundary markers: There are no delimiters or instructions to ignore embedded commands within the external data fetched from Shopify.
  - Capability inventory: Possesses powerful execute and write capabilities, including 'shopify app deploy', 'shopify theme push', and GraphQL mutations (e.g., 'metafieldsSet').
  - Sanitization: No sanitization or validation of external content is specified before the agent processes or acts upon it.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs the agent/user to install '@shopify/cli' via 'npm install -g'. While Shopify is a reputable entity, it is not included in the provided list of Trusted GitHub Organizations, making the dependency unverifiable according to strict security policy.
- [COMMAND_EXECUTION] (LOW): The skill directs the execution of shell commands and local Python scripts (e.g., 'scripts/shopify_init.py'). While these are standard development workflows, they provide an execution surface that could be abused if the agent is tricked by malicious instructions.
Recommendations
- AI detected serious security threats
Audit Metadata