The Agent Skills Directory

[PROMPT_INJECTION]: The skill ingests untrusted product and collection data from the Shopify API, creating a surface for indirect prompt injection where malicious instructions in product titles could influence agent behavior.
Ingestion points: products and collections GraphQL query results in SKILL.md.
Boundary markers: Absent; there are no instructions to delimit or ignore instructions within the retrieved data.
Capability inventory: Uses the shopify-admin toolkit for API access and has the ability to write CSV files to the local file system.
Sanitization: No explicit sanitization or escaping of external content is performed before processing or output generation.
[SAFE]: The skill specifies read-only GraphQL operations and requests minimal API scopes (read_products). No unauthorized network operations, hardcoded credentials, or persistence mechanisms were detected.

collection-membership-audit