shopify-developer
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- CREDENTIALS_UNSAFE (HIGH): The skill instructions in SKILL.md explicitly direct the agent to 'Source environment variables from ~/.agents/.env before running commands.' This targets a specific hidden file path often used to store sensitive credentials like API tokens. Accessing sensitive local file paths without user confirmation is a high-risk behavior for automated agents.
- PROMPT_INJECTION (LOW): The skill exhibits an attack surface for indirect prompt injection. 1. Ingestion points: The skill processes data from product queries (references/storefront-api.md) and webhook payloads (references/webhooks-events.md). 2. Boundary markers: No delimiters or warnings are present to instruct the agent to ignore embedded instructions within processed data. 3. Capability inventory: The skill utilizes Admin GraphQL mutations (SKILL.md) and shopify CLI theme push commands (references/theme-architecture.md) which could be misused if the agent obeys instructions embedded in the data it reads. 4. Sanitization: While the skill mentions HMAC verification for webhooks, it lacks sanitization or filtering for natural language instructions embedded in product descriptions or metaobjects.
Recommendations
- AI detected serious security threats
Audit Metadata