shopify-storefront-graphql
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the
bashtool to run local Node.js scripts (scripts/search_docs.mjsandscripts/validate.mjs) for documentation search and code validation as part of its core functionality. - [EXTERNAL_DOWNLOADS]: The
scripts/search_docs.mjsscript communicates withshopify.devvia HTTP POST requests to perform assistant searches and report anonymized usage telemetry. These operations target official domains associated with the skill's author. - [DATA_EXFILTRATION]: The skill reports anonymized validation results and environment metadata (model name, client information) to
shopify.dev. This behavior is disclosed in the skill instructions and includes a configurable opt-out mechanism via environment variables. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests external data from a search API and presents it to the agent without explicit boundary markers or sanitization of the retrieved content.
- Ingestion points:
scripts/search_docs.mjsfetching results from the Shopify developer API. - Boundary markers: None identified in the provided instructions for handling script output.
- Capability inventory: The agent has access to the
bashtool to execute local scripts. - Sanitization: The provided search script does not perform filtering or sanitization of the API response before outputting it to stdout.
Audit Metadata