app-shopify-admin-graphql
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill enables an agent to ingest untrusted data that could influence its behavior while it has high-privilege access to Shopify resources. Ingestion points: Data returned from Shopify Admin API (e.g., customer notes, order details) and user-supplied form data. Boundary markers: Absent; there are no instructions to the agent to ignore embedded commands in the data it processes. Capability inventory: Extensive read and write capabilities via admin.graphql, including creating and updating customers, orders, and products. Sanitization: While the code provides regex and string-replacement examples for variables, there is no protection against the agent interpreting malicious natural language instructions found within retrieved store data.
- [External Downloads] (MEDIUM): The skill references the '@shopify/shopify-app-remix' package. Per the [TRUST-SCOPE-RULE], Shopify is not on the list of trusted organizations, making this an unverifiable external dependency.
Recommendations
- AI detected serious security threats
Audit Metadata