shopify-setup
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill demonstrates safe credential handling. It provides placeholders for sensitive tokens (e.g.,
shpat_xxxxxxxxxxxxxxxxxxxxx) and explicitly instructs the user to store real tokens in.dev.varswhile ensuring that file is added to.gitignore. It correctly avoids hardcoding actual secrets. - [EXTERNAL_DOWNLOADS]: The skill includes an instruction to install the official Shopify CLI via npm (
npm install -g @shopify/cli). This is a well-known tool from a trusted service and is necessary for the skill's primary purpose. - [COMMAND_EXECUTION]: The skill uses standard Shopify CLI commands (
shopify auth login,shopify store info) and acurlcommand to verify API connectivity. These commands are transparent, use standard parameters, and are part of the intended setup process. - [DATA_EXFILTRATION]: No unauthorized data transmission or exfiltration patterns were detected. Network operations are directed exclusively to the user's own Shopify store domain for legitimate API verification.
- [PROMPT_INJECTION]: There are no instructions that attempt to bypass safety filters or override the agent's core behavior.
Audit Metadata