pp-shopify
Warn
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install a CLI tool from the vendor's NPM registry and GitHub repository using
npxandgo install.\n- [DATA_EXFILTRATION]: Theshopify-pp-clitool includes a--deliver webhook:<url>option, which allows the agent to transmit retrieved Shopify data (such as orders and customer information) to arbitrary external web endpoints.\n- [COMMAND_EXECUTION]: The skill operates by executing shell commands to run theshopify-pp-clibinary on the host system.
Audit Metadata