shopify-development

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes runtime network calls that ingest untrusted, user-generated store content — e.g., scripts/shopify_graphql.py queries arbitrary shop domains at https://{shop}/admin/api/... and the extensions examples call arbitrary external URLs like https://your-app.com/api/data, so the agent would read and process third‑party (merchant/user) content.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly references Shopify billing and app subscriptions, and points to "billing API integration" and "Shopify Functions for discounts/payment/delivery" in its references. It exposes Admin GraphQL patterns that surface order and financial fields and lists scopes (read_orders, write_orders) relevant to managing orders/payments. These are specific, platform billing/payment APIs (not generic tools like a browser or generic HTTP caller), so the skill includes explicit financial-execution capabilities.