shopify-built-for-shopify
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions attempting to override agent behavior, bypass safety filters, or extract system prompts were detected.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network operations were found. References to Shopify CDNs are standard for the platform.
- [Obfuscation] (SAFE): No Base64 encoding, zero-width characters, or homoglyphs were used to hide content.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill references standard Shopify packages (@shopify/shopify-app-remix, @shopify/app-bridge) and the official Shopify App Bridge CDN. No suspicious remote execution patterns (e.g., curl|bash) were present.
- [Indirect Prompt Injection] (SAFE): While the skill is designed to audit user-provided code, it does not include execution capabilities or automated workflows that would create a high-risk attack surface.
Audit Metadata