shopify-security
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides educational content and code snippets for implementing Shopify security features. The code demonstrates high-quality security practices, such as using
crypto.timingSafeEqualto prevent timing attacks and validating JWT issuers and algorithms. - [EXTERNAL_DOWNLOADS]: The skill uses
WebSearchandWebFetchtools to retrieve documentation fromshopify.dev. This is a well-known, official service for Shopify developers and is used appropriately for fetching security guidelines. - [COMMAND_EXECUTION]: No suspicious command execution patterns were found. The skill includes references to standard development tools in its configuration, which are used as intended for documentation and code analysis.
- [DATA_EXFILTRATION]: No sensitive data exposure or exfiltration patterns were detected. The skill correctly advises against hardcoding secrets and suggests using environment variables.
Audit Metadata