shopify-customer
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill's workflow necessitates the execution of local Node.js scripts, specifically
search_docs.mjsandvalidate.mjs, to interact with API documentation and verify code accuracy.- [EXTERNAL_DOWNLOADS]: Thesearch_docs.mjsutility script fetches documentation and schema data from Shopify's official developer site (shopify.dev) via HTTP POST requests.- [DATA_EXFILTRATION]: The skill transmits anonymized usage telemetry to Shopify's servers, including search queries and client identifiers (such as the model name and client application). This behavior is documented in the skill's privacy notice and includes a configuration option to opt out via theOPT_OUT_INSTRUMENTATIONenvironment variable.
Audit Metadata