shopify
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No security issues detected.
- Category 1 (Prompt Injection): No instructions found that attempt to override agent behavior or bypass safety filters.
- Category 2 (Data Exposure & Exfiltration): No hardcoded credentials or access to sensitive file paths. The included JavaScript uses a standard relative Shopify API endpoint (
/cart/add.js). - Category 3 (Obfuscation): No obfuscated or encoded content detected.
- Category 4 (Unverifiable Dependencies & Remote Code Execution): No external packages are installed, and no remote scripts are downloaded or executed.
- Category 5 (Privilege Escalation): No commands for escalating privileges or modifying system files are present.
- Category 6 (Persistence Mechanisms): No attempts to maintain access through shell profiles or scheduled tasks.
- Category 7 (Metadata Poisoning): Metadata is consistent with the skill's primary purpose of providing Shopify development guidance.
- Category 8 (Indirect Prompt Injection): While the skill involves processing e-commerce data, it does not present a surface for indirect prompt injection within the agent context.
- Category 9 (Time-Delayed / Conditional Attacks): No logic exists that triggers behavior based on time or specific conditions.
- Category 10 (Dynamic Execution): No runtime code generation or unsafe deserialization patterns were found.
Audit Metadata