pp-shopify

Warn

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install a CLI tool from the vendor's NPM registry and GitHub repository using npx and go install.\n- [DATA_EXFILTRATION]: The shopify-pp-cli tool includes a --deliver webhook:<url> option, which allows the agent to transmit retrieved Shopify data (such as orders and customer information) to arbitrary external web endpoints.\n- [COMMAND_EXECUTION]: The skill operates by executing shell commands to run the shopify-pp-cli binary on the host system.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 16, 2026, 03:23 AM
Security Audit — agent-trust-hub — pp-shopify