shopify-development

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly makes network requests to arbitrary merchant stores and external APIs (e.g., scripts/shopify_graphql.py calling https://{shop}/admin/api/... and references/extensions.md showing fetch("https://your-app.com/api/data")), so the agent ingests untrusted, third-party store/user-generated content that can directly influence behavior (queries, mutations, extension actions) as part of its core workflow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly targets Shopify billing and app subscription features (triggers include "shopify billing", "app subscription" and the overview lists "Implementing webhooks or billing"). The references call out "billing API integration" and "Shopify Functions for discounts/payment/delivery", and the skill covers checkout/admin extensions and scopes (e.g., write_orders) that enable transactional operations. These items indicate the skill is specifically designed to integrate with payment/billing APIs to create charges/subscriptions and modify checkout/payment behavior — i.e., direct financial execution capability.