shopify
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): Recommends the installation of the @shopify/cli tool and several Shopify-scoped Node.js packages. Although Shopify is a reputable vendor, the organization is not on the pre-defined trusted source whitelist, characterizing this as a medium-risk finding before adjusting for the skill's context.
- [PROMPT_INJECTION] (LOW): The skill is designed to process data from Shopify store APIs, which may contain attacker-controlled content in fields like product titles or customer notes. This represents an Indirect Prompt Injection surface.
- Ingestion points: SKILL.md (GraphQL product queries), references/app-development.md (Webhook handlers and order queries).
- Boundary markers: Absent; code snippets demonstrate processing data without isolation markers or instructions to ignore embedded content.
- Capability inventory: File system initialization via shopify app init, authenticated API calls via fetch, and shell command execution via CLI tools.
- Sanitization: No explicit sanitization or instruction-ignoring logic is implemented in the provided data-processing examples.
- [COMMAND_EXECUTION] (SAFE): Standard usage of Shopify CLI commands for development tasks such as project initialization and theme previewing.
Audit Metadata