shopify-admin-high-risk-order-tagger
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill performs expected administrative functions on a Shopify store using the official Shopify Admin API. All actions, such as tagging and placing fulfillment holds, are consistent with the skill's stated purpose of risk management.\n- [COMMAND_EXECUTION]: The skill utilizes the shopify-admin and shopify-admin-execution toolkits to execute GraphQL queries and mutations. These tools are standard for Shopify management and operate within the context of an authenticated user session.\n- [PROMPT_INJECTION]: The skill was assessed for indirect prompt injection surfaces as it processes data from the Shopify API.\n
- Ingestion points: Customer names and order names retrieved from the Shopify API in SKILL.md.\n
- Boundary markers: None explicitly defined in the output instructions to differentiate data from commands.\n
- Capability inventory: The skill can modify order tags and fulfillment statuses across the shopify-admin-execution toolkit.\n
- Sanitization: No explicit sanitization of API data is performed, though the structured nature of the API interactions minimizes the risk in this administrative context.
Audit Metadata