shopify
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill identifies a surface for indirect prompt injection by ingesting untrusted data from the Shopify API (products, orders, customers).
  - Ingestion points: Data is fetched via GraphQL queries and Webhooks as described in `references/app-development.md` and `SKILL.md`.
  - Boundary markers: Absent. Code snippets show direct processing of API responses without explicit delimiters for the agent.
  - Capability inventory: The skill uses subprocess calls via Shopify CLI and shell commands (`npm`, `python`).
  - Sanitization: Documentation recommends HMAC signature verification for webhooks but does not specify sanitization of data content before agent processing.
- [Unverifiable Dependencies] (LOW): The skill triggers the installation of external packages.
  - Evidence: `SKILL.md` contains `npm install -g @shopify/cli@latest`.
  - Context: These are official tools from Shopify; while not on the pre-approved trusted list, they are standard for the described use case.
- [Privilege Escalation] (LOW): The instruction to use global NPM installation (`-g`) often prompts for elevated privileges (sudo/Administrator) in many environments.
- [Remote Access] (LOW): The command `shopify app dev` initiates a local development tunnel, which exposes a local port to the internet for webhook testing, a standard but notable network operation.
Audit Metadata