shopify-admin-customer-spend-tier-tagger

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill facilitates legitimate administrative tasks within a Shopify environment, specifically customer segmentation and loyalty program management. It uses the platform's official API for its operations.
  • [COMMAND_EXECUTION]: The skill instructions include the use of the Shopify CLI (shopify store auth) for session authentication. This is a standard and expected procedure for interacting with the shopify-admin toolkit.
  • [DATA_EXFILTRATION]: While the skill processes customer data including email addresses and lifetime spend figures, these are used exclusively to calculate loyalty tiers and generate a local CSV report. No unauthorized network requests or data exfiltration to external domains were detected.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes untrusted customer data (e.g., display names, existing tags) and uses the result to influence its own output and subsequent API mutations. However, in the context of an authenticated store management tool, this risk is assessed as safe. Evidence:
      1. Ingestion points: customers:query in SKILL.md.
      2. Boundary markers: Absent.
      3. Capability inventory: tagsAdd:mutation in SKILL.md.
      4. Sanitization: Absent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 12, 2026, 08:01 AM