shopify-automation
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides structured templates and logic for e-commerce automation. It does not contain any executable scripts, binaries, or hidden commands. All external integrations (Slack, Shopify, ShipStation) are consistent with the skill's stated purpose.
- [PROMPT_INJECTION]: The skill defines an indirect prompt injection surface as it ingests data from external Shopify API endpoints (e.g., product titles, customer notes). While this data could theoretically contain malicious instructions, the risk is minimal given the structured automation context.
- Ingestion points: Data fetched via the `shopify_orders`, `shopify_inventory`, `shopify_customers`, and `shopify_products` tools.
- Boundary markers: No explicit boundary markers or instruction-isolation warnings are present in the workflow templates.
- Capability inventory: The skill is limited to tool executions via the `shopify-mcp` server; no local file system access, shell command execution, or arbitrary network requests are present.
- Sanitization: Relies on the agent's internal safety filters and the specific implementation of the MCP server.
Audit Metadata