shopify-hydrogen
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install official Shopify CLI tools and Hydrogen framework packages via the npm registry, which is a standard development workflow.
- [REMOTE_CODE_EXECUTION]: Includes configuration for a GitHub Action using the official
Shopify/hydrogen-action, which is a well-known and trusted service for CI/CD deployment to Shopify's Oxygen platform. - [CREDENTIALS_UNSAFE]: Environment variable examples use clearly marked placeholders (e.g., 'your-session-secret', 'your-public-token') for sensitive information, adhering to best practices for template documentation.
- [DATA_EXFILTRATION]: Network operations are restricted to communication with official Shopify Storefront API endpoints using standard authentication methods.
- [COMMAND_EXECUTION]: Shell commands provided are standard project initialization and development tasks (
npm create,npm run dev,shopify hydrogen deploy) within the local environment context.
Audit Metadata