shopify-development
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation and scripts reference official Shopify tools like
@shopify/cliand@shopify/theme. These are well-known services provided by a trusted organization. - [COMMAND_EXECUTION]: The
scripts/shopify_init.pyscript executesshopify versionusingsubprocess.runto verify CLI installation. This is a legitimate utility function for a development tool and does not involve untrusted input. - [DATA_EXFILTRATION]: The
scripts/shopify_graphql.pyscript communicates with the Shopify Admin API. These network operations are necessary for the skill's functionality and use user-provided credentials from environment variables. There is no indication of data being sent to unauthorized destinations. - [CREDENTIALS_UNSAFE]: The documentation and code correctly advise the use of environment variables for sensitive credentials like
SHOPIFY_ACCESS_TOKENandSHOPIFY_API_SECRET. The provided examples use safe placeholders and do not contain hardcoded secrets.
Audit Metadata