shopify-orders

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a technical guide for Shopify Order Management, providing legitimate GraphQL schemas and lifecycle documentation for fulfillment, returns, and refunds.
  • [EXTERNAL_DOWNLOADS]: The skill directs the agent to use WebFetch and WebSearch to retrieve documentation specifically from shopify.dev. Since this is an official domain for a well-known service, the references are documented as safe and consistent with standard developer workflows.
  • [PROMPT_INJECTION]: No direct prompt injection or behavioral overrides were detected. The instructions are professional and scoped to the task. While fetching external documentation introduces a surface for indirect prompt injection, the skill targets official, well-known vendor documentation, which significantly reduces the risk profile.
  • [COMMAND_EXECUTION]: Although the skill has access to the Bash tool, no suspicious shell commands, privilege escalation attempts, or persistence mechanisms were found in the instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 02:50 PM
Security Audit — agent-trust-hub — shopify-orders