order-lookup-and-summary

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION, NO_CODE
Full Analysis
  • [SAFE]: The skill performs legitimate administrative operations within the Shopify ecosystem. It uses standard GraphQL queries and follows documented Shopify CLI authentication procedures.
  • [COMMAND_EXECUTION]: The prerequisites section references the shopify auth login command, which is the official method for establishing an authenticated session with the Shopify platform.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from an external source (Shopify API).
    • Ingestion points: Data fields from the Shopify orders query, including order notes, tags, and line item titles, are processed and displayed to the user.
    • Boundary markers: No explicit delimiters or instructions are used to separate retrieved data from the agent's instructions.
    • Capability inventory: The skill is strictly read-only and lacks capabilities for file-system access, network exfiltration, or secondary command execution.
    • Sanitization: No sanitization or escaping is applied to the retrieved data before it is formatted for output. The risk is assessed as low given the skill's lack of destructive or executable capabilities.
  • [NO_CODE]: This skill contains only markdown instructions and a GraphQL query definition in the SKILL.md file; no scripts, binaries, or external code dependencies are included.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 11, 2026, 01:43 PM