shopify-developer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes concrete runtime flows that fetch and ingest content from external Shopify stores and app endpoints (e.g., fetches to https://{store}.myshopify.com/admin/api/... in references/api-admin.md, Storefront/Ajax calls in references/api-storefront.md, the theme JS fetch to /apps/reviews/api/reviews in references/app-development.md, and reading JSON metafields in references/functions.md), which are untrusted/user-provided sources (product descriptions, reviews, metafield config) and are parsed/used to drive UI, business logic, and function behavior — so third-party content can materially influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is a specialized Shopify development reference (not a generic tool) and explicitly documents programmatic commerce APIs: GraphQL Admin API endpoints, Storefront API, and Ajax cart endpoints (/cart/add.js, /cart/change.js). It also references Shopify objects like cart, order, customer and "cart operations via Ajax API" and shows example POSTs with access tokens. These are explicit, platform-specific APIs for manipulating carts/orders and interacting with a store's checkout state — i.e., programmatic e‑commerce operations that can be used to create/modify orders and affect payments. Therefore it grants direct financial execution capability.