shopify-app-review
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a specialized code analysis tool designed to audit local projects for Shopify App Store compliance. It does not perform any destructive actions or unauthorized data access.
- [SAFE]: All external references, including documentation links (shopify.dev, shopify.com) and package names (@shopify/app-bridge-react), are official Shopify vendor resources, aligning with the skill's stated authorship and purpose.
- [SAFE]: No evidence of prompt injection, obfuscation, or remote code execution was detected. The instructions focus on pattern matching within the developer's codebase.
- [SAFE]: While the skill ingests untrusted data from the local codebase (Indirect Prompt Injection surface), it lacks capabilities such as external network requests or file-writing tools that could be exploited by malicious content within the audited files.
Audit Metadata