Skills
skills/40rty-ai/shopify-admin-skills/inventory-transfer-between-locations/Gen Agent Trust Hub

inventory-transfer-between-locations

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Detected an indirect prompt injection surface. The skill ingests and processes data from external sources (Shopify API) which may contain attacker-controlled content.
  • Ingestion points: The skill fetches sku and name fields for locations and inventory items via GraphQL queries in SKILL.md.
  • Boundary markers: No explicit delimiters or instructions are provided to the agent to treat data from the API as non-executable text.
  • Capability inventory: The skill has the capability to perform state-modifying actions via the inventoryAdjustQuantities mutation.
  • Sanitization: There is no evidence of sanitization or escaping for the data retrieved from the Shopify environment before it is used in the agent's logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 12, 2026, 04:14 AM