shopify-orders
Warn
Audited by Snyk on Jun 29, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The required workflow explicitly performs runtime web-searches and fetches public Shopify documentation pages (e.g., “Web-search …” and “Fetch https://shopify.dev/docs/api/admin-graphql”), whose readable text is ingested into the agent’s LLM context, which is outsider-authored free text from the public web.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs fetching live Shopify docs at runtime (https://shopify.dev/docs/api/admin-graphql) to obtain current GraphQL input schemas and enum values that will be used to construct queries/mutations, so the fetched content would directly control the agent's prompts/behavior.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly references Shopify Admin GraphQL mutations that execute financial actions: refundCreate, returnRefund/returnCreate (with refund issuance), draftOrderComplete (which "charges payment"), and mentions transactions (authorization, capture, void, refund). These are specific payment/refund/capture operations on an e‑commerce platform (not generic browser or HTTP tools) and therefore grant direct financial execution capability.
Issues (3)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata