shopify-automation
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill possesses a surface for indirect prompt injection as it retrieves untrusted data from external Shopify store environments and can perform state-changing actions based on that data.
  - Ingestion points: Data enters the agent's context through tools like SHOPIFY_GET_PRODUCTS, SHOPIFY_GET_ORDERS_WITH_FILTERS, and SHOPIFY_GET_ALL_CUSTOMERS.
  - Boundary markers: The skill lacks explicit instructions or system-level delimiters to prevent the agent from following commands embedded within product descriptions, order notes, or customer metadata.
  - Capability inventory: The skill has significant capabilities, including SHOPIFY_BULK_CREATE_PRODUCTS, SHOPIFY_CREATE_SMART_COLLECTIONS, and SHOPIFY_ADD_PRODUCT_TO_COLLECTION, which could be abused if an injection is successful.
  - Sanitization: No evidence of data sanitization or validation logic is provided to filter instructions from data retrieved via the Shopify API.
- [External Downloads] (LOW): The skill requires the addition of an external MCP server (https://rube.app/mcp). While this is a standard configuration for using MCP bridges, it introduces a dependency on an external service provider that is not on the predefined trusted list.
Audit Metadata