Skills
skills/hookdeck/webhook-skills/shopify-webhooks/Gen Agent Trust Hub

shopify-webhooks

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides standard and secure implementation examples for Shopify webhook signature verification. It correctly uses raw request bodies and HMAC SHA-256 for verification.
  • [COMMAND_EXECUTION]: The documentation includes instructions to install the Hookdeck CLI using Homebrew (brew install hookdeck/hookdeck/hookdeck) and execute it (hookdeck listen 3000) for local development and testing. These are standard utility commands from the skill's author.
  • [EXTERNAL_DOWNLOADS]: The skill references official Shopify documentation and the author's own GitHub repositories for further reading and related skills. It recommends installing the Hookdeck CLI from its official Homebrew repository.
  • [CREDENTIALS_UNSAFE]: The skill provides standard templates for managing secrets via environment variables in .env files (e.g., SHOPIFY_API_SECRET), which is the recommended practice for local development and avoids hardcoding secrets in code.
Audit Metadata
Risk Level
SAFE
Analyzed
May 13, 2026, 04:01 AM