NYC

shopify-development

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs users to install @shopify/cli globally via npm. While a legitimate tool, the shopify organization is not included in the predefined [TRUST-SCOPE-RULE] list of trusted entities.
  • [COMMAND_EXECUTION] (MEDIUM): The skill makes extensive use of CLI commands (shopify app dev, shopify app deploy) and references local execution of scripts like python scripts/shopify_init.py. This provides a pathway for executing logic that could be manipulated if the environment or inputs are compromised.
  • [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8).
      ◦ Ingestion points: Processes external, attacker-controllable data from Shopify via GraphQL queries (e.g., products, orders) and webhooks.
      ◦ Boundary markers: None identified in the provided prompt templates or code examples to distinguish between instructions and data.
      ◦ Capability inventory: Significant write/execute capabilities including shopify app deploy (external modification), shopify app dev (network operations/tunnels), and GraphQL mutations (metafieldsSet).
      ◦ Sanitization: While 'Best Practices' mention HMAC verification, the provided examples lack specific sanitization for the untrusted content being processed, which could lead to an agent following instructions embedded in product titles or order notes.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 08:17 AM