shopify-liquid
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Documentation Only (SAFE): The skill consists entirely of reference material for Shopify developers. It does not include any scripts (.py, .js, .sh) or executable files.
- Data Exposure (SAFE): While the documentation mentions accessing sensitive objects like
customerorcart, these are standard Shopify Liquid objects accessed within the context of a Shopify storefront and do not involve credential exfiltration or unauthorized access. - Indirect Prompt Injection (LOW): The skill explains how to ingest data like
product.titleinto templates. - Ingestion points: Liquid objects (
product,cart,customer) referenced inSKILL.md. - Boundary markers: None (documentation does not define tool boundaries).
- Capability inventory: No active capabilities or tool calls are defined in this skill.
- Sanitization: Code examples demonstrate the use of the
| jsonfilter, which is a security best practice for safely passing Liquid data to JavaScript variables.
Audit Metadata