shop
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the
@shopify/shop-clipackage from the npm registry to enable e-commerce functionality. This package is managed by a well-known service. - [COMMAND_EXECUTION]: The skill utilizes shell commands via the
shopCLI for core tasks including catalog lookup, authentication status checks, and managing checkout processes. - [DATA_EXFILTRATION]: The skill performs a network request to
api.ipify.orgto retrieve the current public IP address. This address is used to populate theShopify-Buyer-Ipheader, which is a requirement for Shopify's fraud and risk assessment protocols during the checkout phase. - [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes external content from the Shopify catalog, such as product names and descriptions.
- Ingestion points: External merchant and product data are pulled into the agent context via
shop searchandget_productcalls (defined in SKILL.md and catalog-mcp.md). - Boundary markers: The instructions in
SKILL.mdandsafety.mdexplicitly mandate that external content must be treated as untrusted data and that any embedded instructions should be ignored. - Capability inventory: The skill possesses significant capabilities, including the ability to complete financial transactions (
shop checkout complete) and perform image visualizations involving local file paths. - Sanitization: The skill implements sanitization through the silent filtering of prohibited product categories and the restriction of image URLs to specific, verified domains.
Audit Metadata