app-listing
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes external files such as README.md, package.json, and source code.
- Ingestion points: SKILL.md workflow step 1 explicitly instructs the agent to read and understand project files.
- Boundary markers: Absent; there are no specific instructions or delimiters used to treat content from these files as untrusted or to ignore embedded commands.
- Capability inventory: The skill can execute the local count-characters.sh script and generate listing content based on the analyzed data.
- Sanitization: None; data from project files is directly used to inform content generation without validation.
- [COMMAND_EXECUTION]: The skill provides and executes a local shell script, count-characters.sh, to assist with the workflow.
- Purpose: Counting characters in various listing sections to ensure compliance with Shopify's strict character limits.
- Evidence: SKILL.md step 3.1 contains bash snippets demonstrating the execution of the script with user-provided text inputs.
Audit Metadata