shopify-webhooks
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No malicious patterns or security risks were identified. The content is educational and follows industry-standard security practices for app development.
- Indirect Prompt Injection (SAFE): The skill addresses a vulnerability surface involving untrusted external data (webhooks) with proper defenses. Ingestion points: The request payload in the action route. Boundary markers: The use of the authenticate.webhook helper to validate incoming requests. Capability inventory: Database cleanup (db.session.deleteMany) and order logging. Sanitization: Explicit HMAC-SHA256 signature verification ensures only authentic Shopify requests are processed.
- External Downloads (SAFE): Mentions the standard @shopify/shopify-app-remix package, which is the official framework for Shopify app development. No unknown or suspicious dependencies are introduced.
Audit Metadata