duplicate-sku-barcode-detector
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is strictly read-only, using the
productVariantsGraphQL query to retrieve data without performing any mutations, deletions, or configuration changes. - [SAFE]: No sensitive data exposure or exfiltration patterns were detected. The skill relies on standard authentication via the Shopify CLI for API access.
- [SAFE]: There are no external downloads, remote code execution, persistence mechanisms, or obfuscated patterns present in the skill files.
- [PROMPT_INJECTION]: The skill processes external data from the Shopify API, which represents a surface for indirect prompt injection. 1. Ingestion points: Product titles, handles, and identifiers fetched via the
productVariantsGraphQL query. 2. Boundary markers: Absent. 3. Capability inventory: Local CSV file creation and terminal output reporting. 4. Sanitization: No explicit sanitization of fetched product metadata is performed. The risk is evaluated as safe because the skill lacks the capabilities (such as shell execution or network exfiltration) to be exploited by malicious content within the product data.
Audit Metadata