shopify-product-serp-optimizer
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill manages Shopify Admin API credentials using a local environment file (skill-hub.env) and explicitly instructs the agent to ensure this file is added to .gitignore to prevent accidental exposure.
- [COMMAND_EXECUTION]: The skill makes benign use of shell commands to interact with the Shopify CLI and a bundled Node.js helper script. The script uses execFile to prevent shell injection vulnerabilities.
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the official @shopify/cli package, which is a well-known and trusted tool from a reputable vendor.
- [DATA_EXFILTRATION]: Network operations are restricted to communication with official Shopify API domains (myshopify.com) for the purpose of reading and updating product SEO metadata.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external product data from Shopify stores. The bundled report generator implements HTML escaping (escapeHtml) to sanitize this content before including it in the generated HTML audit report, mitigating potential injection risks.