Shopify Workflow & Tools

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill instructions include downloading and installing software and code from sources not listed in the trusted whitelist. Specifically, it uses 'npm install -g @shopify/cli' and '@shopify/theme-check', and 'shopify theme init --clone-url' to pull from GitHub. Since the 'Shopify' organization is not in the [TRUST-SCOPE-RULE] whitelist, these are treated as high-risk untrusted downloads of executable content.
  • [PROMPT_INJECTION] (HIGH): The skill exhibits a significant surface for Indirect Prompt Injection (Category 8). 1. Ingestion points: 'shopify theme pull' and 'shopify theme init' fetch theme files from external Shopify stores and Git repositories. 2. Boundary markers: No delimiters or instructions to ignore embedded commands are present. 3. Capability inventory: The 'shopify theme dev' command executes and renders these files in a local server, and 'shopify theme push' writes them to remote environments. 4. Sanitization: There is no process for validating or escaping content from the external theme files, allowing potentially malicious Liquid or JS to influence the agent or environment.
  • [COMMAND_EXECUTION] (MEDIUM): The workflow relies on CLI tools that perform sensitive operations, such as 'shopify theme push --force' and 'shopify theme delete', which can lead to data loss or unintended modifications if exploited.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 11:31 AM