shopify
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [INDIRECT_PROMPT_INJECTION] (HIGH): The skill processes external, potentially attacker-controlled data from Shopify APIs (GraphQL/REST) and Webhooks. Given its capabilities for code deployment (`shopify app deploy`) and data modification (`write_products`), this presents a significant risk for indirect prompt injection.
  - Ingestion points: GraphQL/REST API responses and Webhook payloads.
  - Boundary markers: Absent; there are no instructions to delimit or distrust external data.
  - Capability inventory: Subprocess execution of Shopify CLI for deployment and usage of write-access API scopes.
  - Sanitization: Absent; no logic is provided to sanitize or validate external content before processing.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill installs the `@shopify/cli` package from npm. Since Shopify is not on the provided list of trusted external sources, this is classified as an unverifiable dependency.
- [COMMAND_EXECUTION] (MEDIUM): The skill executes an unverified local script `scripts/shopify_init.py`. Without the ability to audit this script's contents, it represents a risk for arbitrary command execution.
Recommendations
- AI detected serious security threats
Audit Metadata