headless-hydrogen
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references official and well-known Shopify resources, including the @shopify/hydrogen package and the Shopify CLI. It also includes a link to a web component script from cdn.shopify.com, which is an established service.
- [COMMAND_EXECUTION]: Provides standard instructions for project initialization, development, and deployment using npm and npx commands (e.g., npm run dev, npx shopify hydrogen deploy). These are appropriate for the skill's primary purpose.
- [CREDENTIALS_UNSAFE]: Environment variable examples for session secrets and API tokens use safe, generic placeholders for configuration guidance.
- [DATA_EXFILTRATION]: Performs legitimate network operations to Shopify's official Storefront API for e-commerce functionality. No unauthorized data transfer or suspicious network activity was identified.
Audit Metadata