Skills
skills/40rty-ai/shopify-admin-skills/metafield-bulk-update/Gen Agent Trust Hub

metafield-bulk-update

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data retrieved from the Shopify store.
  • Ingestion points: Product titles and existing metafield values retrieved via the products GraphQL query in SKILL.md.
  • Boundary markers: Instructions do not define delimiters or specific warnings for the agent to ignore instructions embedded in store content.
  • Capability inventory: The skill has the ability to write and delete data using the metafieldsSet and metafieldsDelete mutations defined in SKILL.md.
  • Sanitization: There is no evidence of sanitization or validation of retrieved store content before it is used to influence the workflow.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 12, 2026, 04:14 AM