Skills
skills/shopify/shopify-ai-toolkit/shopify-polaris-customer-account-extensions/Gen Agent Trust Hub

shopify-polaris-customer-account-extensions

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill utilizes scripts/search_docs.mjs to perform documentation lookups and scripts/validate.mjs to report usage instrumentation to https://shopify.dev/. These operations are consistent with the skill's purpose and target the vendor's own well-known infrastructure.
  • [COMMAND_EXECUTION]: The instructions require the agent to use the bash tool to run local JavaScript utilities (search_docs.mjs and validate.mjs). These scripts facilitate documentation retrieval and TypeScript-based code validation in a controlled manner.
  • [DATA_EXFILTRATION]: Instrumentation logic in the validation script sends the generated code snippets and metadata to the vendor's developer domain for quality monitoring. This is a documented feature of the tool and includes an opt-out mechanism via environment variables.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 9, 2026, 11:33 AM