shopify-storefront-api
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were detected in this skill. The instructions and code snippets follow industry best practices for headless commerce integration.
- [SAFE]: The skill uses the official @shopify/storefront-api-client package and correctly distinguishes between public tokens (client-side) and private tokens (server-side) to prevent credential leakage.
- [SAFE]: All network operations are directed towards Shopify's well-known infrastructure.
- [SAFE]: GraphQL queries are implemented using variables, mitigating risks associated with injection.
Audit Metadata