shopify-admin-collection-reorganization

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill utilizes official Shopify GraphQL queries and mutations (collection, collectionReorderProducts) to perform intended collection management tasks.
  • [DATA_EXPOSURE]: The skill reads product and inventory metadata from the linked Shopify store. This information is processed locally by the agent to determine the correct display order and is not exfiltrated to external servers.
  • [COMMAND_EXECUTION]: The skill references standard Shopify CLI authentication procedures in its prerequisites. There are no instances of arbitrary command execution or suspicious shell interactions.
  • [PROMPT_INJECTION]: An indirect prompt injection surface was evaluated: 1. Ingestion points: Product titles and inventory data via the CollectionProducts query (SKILL.md); 2. Boundary markers: Absent; 3. Capability inventory: collectionReorderProducts mutation; 4. Sanitization: Absent. The finding is assessed as safe because the agent's logic is strictly bounded to numeric sorting of product IDs and metadata.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 12, 2026, 08:01 AM