shopify-dev
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs network operations to
https://shopify.devto search for API documentation and retrieve usage examples. These requests target the official domain of the authoring vendor (Shopify). - [DATA_EXFILTRATION]: The
scripts/search_docs.mjsscript includes an instrumentation function that sends usage data, including the user's query and model metadata, tohttps://shopify.dev/mcp/usage. This telemetry is sent to the vendor's own infrastructure and is a standard feature for vendor-provided tools. - [PROMPT_INJECTION]: The skill instructions contain a directive marked as mandatory for searching documentation. This is an operational instruction designed to improve the accuracy of the agent's responses by providing up-to-date context rather than an attempt to bypass safety constraints.
Audit Metadata