shopify-automation
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to add an external third-party MCP server at
https://rube.app/mcp. This external service facilitates communication with Shopify and handles the authentication flow, meaning store data and credentials transit through this non-whitelisted infrastructure. - [DATA_EXFILTRATION]: The skill utilizes tools such as
SHOPIFY_GET_ALL_CUSTOMERSandSHOPIFY_GET_ORDERS_WITH_FILTERSwhich retrieve sensitive store information. This data is processed by the agent and shared with the configured external MCP server. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from Shopify that could be modified by third parties (e.g., customer names, product titles, or order notes).
- Ingestion points: Data enters the agent context via retrieval tools like
SHOPIFY_GET_PRODUCTS,SHOPIFY_GET_ALL_CUSTOMERS, andSHOPIFY_GET_ORDERS_WITH_FILTERSdefined inSKILL.md. - Boundary markers: The instructions do not define delimiters or specific warnings to ignore instructions embedded within the retrieved Shopify data.
- Capability inventory: The skill possesses significant capabilities, including the ability to execute arbitrary queries via
SHOPIFY_GRAPH_QL_QUERYand perform bulk writes viaSHOPIFY_BULK_CREATE_PRODUCTS. - Sanitization: No evidence of input validation or sanitization is present in the skill instructions.
Audit Metadata