shopify-observability
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill incorporates security best practices by implementing HMAC signature verification for incoming webhooks in Step 4, ensuring that data processed by the agent originates from a legitimate Shopify source.
- [SAFE]: Step 5 includes specific configurations for the 'pino' logger to redact sensitive fields such as access tokens and personally identifiable information (PII), preventing accidental data exposure in log files.
- [SAFE]: The code utilizes established and well-known libraries (prom-client, pino, express) for its implementation without involving untrusted external dependencies or remote script execution.
- [SAFE]: Webhook processing handles external data from Shopify as part of its primary purpose; however, it includes signature validation to ensure authenticity, mitigating risks associated with untrusted data ingestion.
Audit Metadata