theme-development
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): Identified as having a high surface for Indirect Prompt Injection (Category 8).
  1. Ingestion points: The skill ingests untrusted content from various theme files, including Liquid templates, JSON configurations, and JavaScript assets.
  2. Boundary markers: Absent; there are no instructions or markers to help the agent distinguish between code and malicious natural language instructions.
  3. Capability inventory: The skill utilizes `shopify theme push` to upload code to live stores and `shopify theme dev` for local server execution.
  4. Sanitization: Absent; no validation or sanitization is performed on the ingested theme content.

  This combination allows an attacker to influence agent behavior by embedding instructions in theme code.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The `shopify theme init` command is designed to clone the Skeleton theme from https://github.com/shopify/skeleton-theme. Because the `shopify` organization is not present in the mandatory list of Trusted GitHub Organizations, this download is classified as an unverifiable external dependency.
- [COMMAND_EXECUTION] (LOW): The skill documentation encourages the use of the Shopify CLI for theme management. While these are standard developer tools, they involve the execution of system-level commands.
Recommendations
- AI detected serious security threats
Audit Metadata