The Agent Skills Directory

[DATA_EXFILTRATION]: The skill accesses customer PII (names, emails, addresses) and order details from the Shopify API. This access is consistent with the stated purpose of generating a "Where Is My Order" (WISMO) report. Data is saved to a local CSV file, and no evidence of unauthorized external transmission was found.- [REMOTE_CODE_EXECUTION]: No patterns for remote code execution, script downloads, or dynamic execution were identified.- [PROMPT_INJECTION]: The instructions do not contain attempts to override agent safety guidelines, bypass constraints, or extract system prompts.- [COMMAND_EXECUTION]: The skill uses standard Shopify CLI tools for authentication and GraphQL queries as part of its documented workflow. No suspicious or high-risk command execution patterns were found.- [INDIRECT_PROMPT_INJECTION]: The skill processes data from the Shopify API (customer names, order names). While this constitutes an ingestion surface for external data, the risk is minimal as the skill performs read-only operations and outputs to a structured CSV file.

wismo-bulk-status-report