shopify-merchant-onboarding

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill instructs the agent to fetch and "follow" and "Execute its instructions exactly as written" from the external URL https://www.shopify.com/SKILL.md, meaning the assistant will read and act on third-party public website content that can change its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs fetching and executing the full runtime instructions from https://www.shopify.com/SKILL.md and to "Execute its instructions exactly as written," meaning remote content directly controls agent prompts and can include code/installation steps.