shopify-security

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides educational content and code snippets for implementing Shopify security features. The code demonstrates high-quality security practices, such as using crypto.timingSafeEqual to prevent timing attacks and validating JWT issuers and algorithms.
  • [EXTERNAL_DOWNLOADS]: The skill uses WebSearch and WebFetch tools to retrieve documentation from shopify.dev. This is a well-known, official service for Shopify developers and is used appropriately for fetching security guidelines.
  • [COMMAND_EXECUTION]: No suspicious command execution patterns were found. The skill includes references to standard development tools in its configuration, which are used as intended for documentation and code analysis.
  • [DATA_EXFILTRATION]: No sensitive data exposure or exfiltration patterns were detected. The skill correctly advises against hardcoding secrets and suggests using environment variables.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 02:50 PM
Security Audit — agent-trust-hub — shopify-security