shopify-development
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends the installation of official Shopify development tools, specifically @shopify/cli and @shopify/theme, from well-known package registries. These are essential, legitimate tools provided by Shopify for the developer workflows described in the skill.
- [COMMAND_EXECUTION]: The shopify_init.py script invokes the 'shopify version' command via the subprocess module. This is performed as an environment sanity check to ensure the required Shopify CLI is installed on the system before attempting project initialization.
- [SAFE]: The skill promotes security best practices throughout its documentation and code examples, including the mandatory use of environment variables for storing API secrets, the validation of OAuth state parameters to prevent CSRF, and the verification of HMAC signatures for Shopify webhook processing.
Audit Metadata