shopify-app-dev
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches technical documentation and API references from Shopify's official developer portal (shopify.dev) and official GitHub repositories. These are well-known technology services and the retrieval of their documentation is a standard, safe operation for a development-focused skill.- [COMMAND_EXECUTION]: Instructs the agent to use the
shopify app initcommand to bootstrap projects. This is the official CLI tool provided by Shopify for application development and is used here as intended.- [PROMPT_INJECTION]: The skill ingests external data by fetching live documentation and searching the web to ensure generated code is up-to-date. This constitutes an indirect prompt injection surface where the agent's behavior could be influenced by external content. However, the risk is considered safe given the focus on official reputable sources. - Ingestion points:
WebFetchof documentation fromshopify.devand GitHub, andWebSearchresults. - Boundary markers: Absent; the agent is directed to incorporate fetched information directly into the development workflow.
- Capability inventory: The skill utilizes
Write,Edit, andBashtools to create and modify application code. - Sanitization: No specific filtering or validation of the fetched documentation content is defined.
Audit Metadata