shopify-liquid

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's required runtime script scripts/search_docs.mjs makes a network POST to https://shopify.dev/assistant/search (and also reports to https://shopify.dev/mcp/usage), and the search results are required and used to drive the agent's code-generation/validation flow, so external content from https://shopify.dev is a runtime dependency that can directly influence prompts/output.