shopfleet-cli
Warn
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXPOSURE]: The skill accesses sensitive configuration files located at
~/.shopfleet/stores.jsonand~/.store-manager/stores.json. These files contain authentication secrets, includingclientSecretandaccessToken, used for managing Shopify stores. - [INDIRECT_PROMPT_INJECTION]: The skill processes data from external Shopify stores (such as product descriptions, order notes, and customer details) which could contain malicious instructions.
- Ingestion points: External data is ingested through the Shopify Admin GraphQL API via
src/client.tsand various command groups. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands in the store data are defined.
- Capability inventory: The skill can execute shell commands, perform Shopify mutations (create, update, delete), and read local configuration files.
- Sanitization: No sanitization or validation steps are mentioned for content retrieved from the Shopify API before processing.
- [COMMAND_EXECUTION]: The skill involves executing local commands and build scripts, such as
node dist/index.js,npm run build, andnpm test, which grants the agent the ability to run code residing in the local repository.
Audit Metadata