shopify-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill calls Shopify storefront endpoints (POST https://{shop}.myshopify.com/api/{version}/graphql.json) to fetch public shop/product data (titles, descriptions, etc.), which are arbitrary third-party/untrusted content the agent would read and could contain indirect prompt injections.