shopify-pos-ui
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the bash tool to run Shopify CLI commands such as
shopify app initandshopify app generate extensionfor scaffolding projects. It also executes local utility scriptsscripts/search_docs.mjsandscripts/validate.mjsas part of the standard development workflow.\n- [EXTERNAL_DOWNLOADS]: The skill'spackage.jsondefines standard dependencies liketypescript,preact, and@shopify/ui-extensions. These are well-known packages sourced from official package registries.\n- [DATA_EXFILTRATION]: Both search and validation scripts contain instrumentation logic that sends telemetry (including documentation queries and the code being validated) toshopify.dev. This is disclosed in a privacy notice in the skill instructions and targets the official infrastructure of the trusted author (Shopify).
Audit Metadata