shopify-api-integration
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW, NO_CODE
Full Analysis
- NO_CODE (SAFE): This skill consists entirely of instructional markdown documentation and does not include any executable scripts, tool definitions, or binary files.
- Data Exposure & Exfiltration (SAFE): No hardcoded secrets or sensitive credentials were found. The code snippets correctly demonstrate the use of environment variables for handling sensitive webhook secrets.
- Indirect Prompt Injection (LOW): The skill provides patterns for processing untrusted data from webhooks.
  - Ingestion points: External webhook payload (req.body).
  - Boundary markers: Not present in snippets.
  - Capability inventory: The skill itself has no executable capabilities, and the snippets focus on standard API interactions.
  - Sanitization: The skill explicitly includes a robust HMAC verification pattern to ensure the authenticity and integrity of incoming webhook data.
Audit Metadata