wechat-to-shopify-blog

Warn

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands to install the Shopify CLI (npm install -g @shopify/cli@latest) and uses Node's execFile to run it. This involves spawning processes to interact with the Shopify Admin API.
  • [EXTERNAL_DOWNLOADS]: The skill fetches article content and images from mp.weixin.qq.com and downloads the official Shopify CLI from the NPM registry. These sources are considered well-known services.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes content from external WeChat URLs.
      • Ingestion points: Fetched article content in scripts/fetch-wechat-article.mjs.
      • Boundary markers: There are no clear delimiters around the source content, and no directive to disregard instructions embedded in it, during the adaptation process.
      • Capability inventory: Ability to create and update Shopify articles via scripts/shopify-blog-admin.mjs.
      • Sanitization: Basic entity decoding is performed, but no sanitization for adversarial LLM instructions is implemented.
  • [REMOTE_CODE_EXECUTION]: The skill performs dynamic execution by resolving the path to the Shopify CLI entrypoint script at runtime and executing it using the Node.js binary. It also writes GraphQL queries and variables to temporary files and executes them via the resolved CLI path.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 6, 2026, 12:27 PM