shopify

Warn

Audited by Snyk on Mar 1, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill's required workflow instructs the agent to fetch and act on untrusted merchant/store content (e.g., querying the GraphQL Admin API at https://{shop-name}.myshopify.com/admin/api/2025-01/graphql.json and using shopify theme pull/push to ingest theme files as shown in SKILL.md and reference/cli-commands.md), meaning third-party product, theme, and customer data are read and used to drive mutations and UI actions and could contain instructions that influence behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is specifically about building Shopify apps and integrating with Shopify's Admin/Storefront APIs, Checkout extensions, and POS. It explicitly documents payment-related capabilities: Shopify Functions for "payment customization", Checkout and POS extensions, Webhooks like orders/paid, and Admin API scopes such as write_orders. Those APIs and extension types are specifically designed to manage e-commerce transactions (create/modify orders, handle checkout/payment flows, and POS), which constitute direct financial execution authority for processing charges and order payments. Therefore it meets the "specific tools/functions to move money" criterion.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 06:30 PM