shopify-development

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Unverifiable Dependencies (MEDIUM): The skill installs @shopify/cli and related packages from npm. While these are official Shopify tools, the shopify organization is not in the system's explicit Trusted Source list.
  • Indirect Prompt Injection (HIGH): The skill defines a workflow where the agent processes untrusted external data (Shopify store data) and has the capability to modify state or deploy code.
      • Ingestion points: Data fetched via GetProducts and GetOrders GraphQL queries in SKILL.md.
      • Boundary markers: Absent; templates do not include specific delimiters or instructions to ignore embedded commands in fetched data.
      • Capability inventory: Includes shopify app deploy (code deployment), shopify app dev (local tunneling), and GraphQL mutations for data modification (SetMetafields) in SKILL.md.
      • Sanitization: Code examples lack robust validation of external inputs before processing or displaying them.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 05:42 AM