shopify-app-development
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill guides the user to install official Shopify development tools and libraries (@shopify/cli, @shopify/polaris) from the npm registry, which is a well-known and trusted service.
- [COMMAND_EXECUTION]: Instructions include standard application lifecycle commands such as shopify app dev and fly deploy, which are necessary for developing and hosting the application.
- [INDIRECT_PROMPT_INJECTION]: The skill demonstrates processing data from external sources (Shopify Admin API) but follows secure patterns.
- Ingestion points: External data is ingested through the Shopify Admin API via the authenticate.admin method in SKILL.md.
- Boundary markers: The skill uses GraphQL, which enforces a strong boundary between the query structure and the data provided.
- Capability inventory: The skill includes the capability to perform GraphQL mutations like productCreate to modify store data.
- Sanitization: The code snippets correctly utilize GraphQL variables for data interpolation, effectively sanitizing input against injection attacks.
Audit Metadata