order-risk-report
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill performs read-only GraphQL queries against the Shopify Admin API to retrieve order risk data for manual review.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting untrusted data from Shopify order fields. * Ingestion points: The orders:query operation in SKILL.md retrieves order details and risk facts. * Boundary markers: The skill does not use delimiters or instructions to ignore embedded instructions in the retrieved data. * Capability inventory: The skill is capable of writing the retrieved data to a local CSV file. * Sanitization: No sanitization or validation of the order data is performed before it is output to the file.
Audit Metadata