shopify-app-release-assistant
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE] (SAFE): The skill consists entirely of Markdown documents (SKILL.md and reference files). No scripts, executables, or package manager configurations are present.
- [PROMPT_INJECTION] (SAFE): An indirect prompt injection surface exists as the skill processes user-supplied app descriptions and test credentials. This is rated SAFE because the skill possesses no tools or capabilities to execute commands or exfiltrate data. 1. Ingestion points: User app descriptions and test credentials in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: None; limited to text generation. 4. Sanitization: Absent.
Audit Metadata