shopify-admin-seo-metadata-audit
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Read-only operation. The skill uses the shopify-admin toolkit to fetch product, collection, and page metadata using standard GraphQL queries. No mutations or administrative changes are performed.
- [SAFE]: No external downloads or remote code execution. The skill relies entirely on pre-authenticated Shopify CLI sessions and standard platform toolkit operations.
- [SAFE]: No data exfiltration. The skill aggregates data locally for the agent to present to the user or save as a CSV file. No network requests to third-party domains or non-whitelisted sources are present.
- [SAFE]: Indirect Prompt Injection Surface: 1. Ingestion points: Shopify GraphQL API (ProductSEO, CollectionSEO, PageSEO operations). 2. Boundary markers: Absent. 3. Capability inventory: Read-only data aggregation and CSV file generation; no subprocess, eval, or network-write tools are used across the skill. 4. Sanitization: Absent, but categorized as safe as the data is used for metadata length reporting and not executed.
Audit Metadata