Skills
skills/40rty-ai/shopify-admin-skills/top-product-performance/Gen Agent Trust Hub

top-product-performance

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is designed for data aggregation and reporting. It uses the shopify-admin toolkit to perform read-only GraphQL queries. No evidence of malicious command execution, privilege escalation, or persistence was found.
  • [PROMPT_INJECTION]: The skill has an architectural surface for indirect prompt injection because it processes untrusted data (product titles and line item names) from a Shopify store. However, since the skill's capabilities are limited to data aggregation and reporting, the risk is minimal.
  • Ingestion points: Shopify orders GraphQL query results (specifically lineItems and variant titles).
  • Boundary markers: Absent. The skill does not explicitly instruct the agent to use delimiters or ignore instructions within the retrieved data.
  • Capability inventory: Read-only GraphQL queries and in-memory data aggregation.
  • Sanitization: None specified for the retrieved product titles.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 12, 2026, 04:14 AM