shopify-development

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests content from external shop domains and APIs (e.g., scripts/shopify_graphql.py posts to https://{shop}/admin/api/2026-01/graphql.json and references/extensions.md shows extensions making network calls to external APIs), and it reads user/merchant-generated fields (product titles, descriptions, tags, metafields) that are then used in code and functions to make decisions (paginate_products, Shopify Functions using product.hasTag to apply discounts), so untrusted third‑party content can materially influence behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly references Shopify billing and app subscriptions, and points to "billing API integration" and "Shopify Functions for discounts/payment/delivery" in its references. It exposes Admin GraphQL patterns that surface order and financial fields and lists scopes (read_orders, write_orders) relevant to managing orders/payments. These are specific, platform billing/payment APIs (not generic tools like a browser or generic HTTP caller), so the skill includes explicit financial-execution capabilities.