shopify-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes data from external Shopify records which may contain instructions targeting the agent.
  - Ingestion points: Untrusted data enters via SHOPIFY_GET_PRODUCTS, SHOPIFY_GET_ORDERS_WITH_FILTERS, and SHOPIFY_GET_ALL_CUSTOMERS in SKILL.md.
  - Boundary markers: Absent; the instructions do not include specific delimiters or warnings to ignore instructions embedded in the ingested data.
  - Capability inventory: The skill allows write operations via SHOPIFY_BULK_CREATE_PRODUCTS and arbitrary query execution via SHOPIFY_GRAPH_QL_QUERY in SKILL.md.
  - Sanitization: Absent; no content sanitization or validation logic is defined within the skill instructions.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or sensitive file paths were detected. Tool access is managed through standard MCP connection protocols.
- [Unverifiable Dependencies] (SAFE): The skill utilizes the Model Context Protocol (MCP) as intended. Setup instructions for adding an MCP server (rube.app/mcp) are informational for the user and do not constitute runtime remote code execution.
- [Obfuscation] (SAFE): No obfuscation techniques such as Base64 encoding, zero-width characters, or homoglyphs were found.
Audit Metadata