shopify-admin-tax-liability-summary
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates as a read-only tool for financial reporting. It does not perform any mutations on the Shopify store or execute arbitrary commands.
- [DATA_EXFILTRATION]: The skill aggregates tax data locally and outputs it to a standard CSV file or terminal output. No network operations to non-whitelisted or suspicious external domains were identified.
- [PROMPT_INJECTION]: The instructions are focused on data processing logic and output formatting. There are no attempts to override agent safety guidelines or bypass behavioral constraints.
- [INDIRECT_PROMPT_INJECTION]: While the skill processes external data (Shopify order titles and tax lines), the logic is strictly mathematical and structural (grouping and summing), minimizing the risk of data being interpreted as instructions.
- Ingestion points: Shopify GraphQL
ordersquery results. - Boundary markers: The skill uses defined GraphQL fields and fixed JSON/CSV output schemas.
- Capability inventory: Read-only API access and local file system write (CSV).
- Sanitization: The aggregation logic implicitly treats data as values for summing and grouping.
Audit Metadata