shopify-content

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes direct cURL examples and prerequisites that require inserting an Admin API access token into request headers (e.g., -H "X-Shopify-Access-Token: {token}"), which would require the agent to place secret values verbatim into generated commands or requests.