shopify-hydrogen
Warn
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions in `SKILL.md` include a command to execute a local Node.js script: `node scripts/search_shopify_docs.mjs "<query>"`. The script is missing from the provided files, which prevents verification of how it handles user-supplied arguments and whether it is vulnerable to command injection.
- [EXTERNAL_DOWNLOADS]: The skill fetches documentation and API references from `shopify.dev`, which is a well-known service for Shopify development.
- [PROMPT_INJECTION]: Indirect prompt injection surface identified.
  - Ingestion points: Data from `shopify.dev` enters the agent context via the documentation search script referenced in `SKILL.md`.
  - Boundary markers: Absent; there are no instructions to the agent to ignore embedded commands in the fetched documentation.
  - Capability inventory: Shell execution capabilities are present via the `node` command in `SKILL.md`.
  - Sanitization: Absent; the instructions do not specify any validation or filtering of the content returned from the external documentation service.
Audit Metadata