jamstack-storefront

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides command-line instructions for initializing development projects using npx create-next-app and npm create astro.
  • [EXTERNAL_DOWNLOADS]: The skill references the installation of standard industry libraries from the NPM registry, including @shopify/storefront-api-client, graphql-request, and zustand.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because its logic ingests and renders product data (titles, descriptions) from external commerce APIs like Shopify and Saleor. The implementation uses modern frameworks (Next.js, Astro) that provide automatic output escaping, which serves as a primary defense against content injection.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 16, 2026, 11:35 AM