shopify
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (MEDIUM): The skill instructions in SKILL.md reference the execution of 'python scripts/shopify_init.py'. However, the content of this file is not included in the skill package, meaning the agent would be executing unvetted code if the file were present in the runtime environment.
- External Downloads (LOW): The skill prompts the user to install the '@shopify/cli' and '@shopify/theme' packages via npm (SKILL.md). While these are legitimate tools, they are external dependencies downloaded at runtime.
- Indirect Prompt Injection (LOW): The skill possesses a surface for indirect prompt injection by processing external Shopify data.
  1. Ingestion points: Shopify API responses for products, orders, and customers (as seen in GraphQL examples in references/app-development.md).
  2. Boundary markers: Absent; no delimiters or instructions are provided to distinguish external data from agent instructions.
  3. Capability inventory: Shell command execution via 'shopify' CLI and network requests via 'fetch' (as seen in SKILL.md).
  4. Sanitization: Absent; the provided code snippets do not demonstrate validation or escaping of API data before processing.