skills/nousresearch/hermes-agent/shop/Gen Agent Trust Hub

shop

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the @shopify/shop-cli package from the npm registry to enable e-commerce functionality. This package is managed by a well-known service.
  • [COMMAND_EXECUTION]: The skill utilizes shell commands via the shop CLI for core tasks including catalog lookup, authentication status checks, and managing checkout processes.
  • [DATA_EXFILTRATION]: The skill performs a network request to api.ipify.org to retrieve the current public IP address. This address is used to populate the Shopify-Buyer-Ip header, which is a requirement for Shopify's fraud and risk assessment protocols during the checkout phase.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes external content from the Shopify catalog, such as product names and descriptions.
  • Ingestion points: External merchant and product data are pulled into the agent context via shop search and get_product calls (defined in SKILL.md and catalog-mcp.md).
  • Boundary markers: The instructions in SKILL.md and safety.md explicitly mandate that external content must be treated as untrusted data and that any embedded instructions should be ignored.
  • Capability inventory: The skill possesses significant capabilities, including the ability to complete financial transactions (shop checkout complete) and perform image visualizations involving local file paths.
  • Sanitization: The skill implements sanitization through the silent filtering of prohibited product categories and the restriction of image URLs to specific, verified domains.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 09:39 AM
Security Audit — agent-trust-hub — shop