customer-cohort-analysis
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is data aggregation and reporting using the Shopify Admin API. All operations are read-only, following the principle of least privilege for analytical tasks. The workflow involves querying customer and order information to calculate retention metrics locally.
- [SAFE]: Data ingestion is limited to specific GraphQL fields including IDs, timestamps, monetary amounts, and email addresses. While email addresses constitute PII, they are fetched within the context of a customer-ops role for reporting purposes. The analysis found no evidence of this data being transmitted to external or unauthorized domains.
- [SAFE]: The skill instructions do not contain any prompt injection attempts, obfuscation, or remote code execution patterns. It relies on standard platform toolkits and authenticated CLI sessions.
Audit Metadata