Skills
skills/40rty-ai/shopify-admin-skills/variant-option-normalizer/Gen Agent Trust Hub

variant-option-normalizer

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the shopify-admin and shopify-admin-execution toolkits to perform product queries and mutations on a Shopify store. These are standard operations for store management and consistent with the skill's stated purpose.
  • [PROMPT_INJECTION]: The skill processes data (product titles and variant options) from an external Shopify store, which is a surface for indirect prompt injection. However, the skill's logic is constrained to matching values against a user-defined mapping, which significantly limits the potential for instruction override.
  • Ingestion points: Product and variant metadata via the products GraphQL query in SKILL.md.
  • Boundary markers: None specified in the prompt instructions.
  • Capability inventory: The skill has write access via the productVariantsBulkUpdate mutation.
  • Sanitization: No explicit validation or filtering is mentioned for the ingested product data.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 12, 2026, 04:14 AM
Security Audit — agent-trust-hub — variant-option-normalizer