return-initiation
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a standard workflow for Shopify returns management using the authorized shopify-admin and shopify-admin-execution toolkits. All operations are consistent with the stated purpose of support automation and administrative oversight.
- [SAFE]: The skill processes untrusted external data from the Shopify API (e.g., customer names, product titles, and order IDs). While this constitutes an attack surface for indirect prompt injection, the risk is mitigated by the structured processing requirements and the administrative nature of the tool.
  - Ingestion points: Data returned from the OrderForReturn GraphQL query in SKILL.md.
  - Boundary markers: No explicit delimiters are defined for isolating external data within the output templates.
  - Capability inventory: The skill utilizes shopify-admin-execution for mutation operations and emits structured text/JSON output.
  - Sanitization: No explicit validation or escaping of API-provided strings is performed before inclusion in session tracking outputs.
Audit Metadata