The Agent Skills Directory

[SAFE]: No security issues were identified in the skill. It utilizes official Shopify toolkits and follows standard procedures for administrative reporting. Authentication is handled through the user's existing Shopify CLI session, ensuring no credentials are hardcoded or exfiltrated.
[PROMPT_INJECTION]: The skill ingests external data (product and vendor titles) from the Shopify API, which represents a surface for indirect prompt injection. 1. Ingestion points: Product metadata is retrieved via the productVariants GraphQL query in SKILL.md. 2. Boundary markers: Absent in the final reporting output. 3. Capability inventory: Access to Shopify admin tools and local file system for report generation. 4. Sanitization: Absent; the skill treats API response data as literal strings for the CSV report. This behavior is consistent with standard reporting tools and is considered safe in this context.

shopify-admin-low-inventory-restock