shopify-testing

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security risks were identified. The skill instructions follow standard software development practices for testing and linting within the Shopify ecosystem.
  • [PROMPT_INJECTION]: The skill utilizes WebSearch and WebFetch tools to retrieve documentation from the well-known service shopify.dev. This creates a surface for indirect prompt injection.
  • Ingestion points: Documentation fetch via WebSearch and WebFetch in SKILL.md.
  • Boundary markers: Absent; there are no specific delimiters to isolate the fetched web content.
  • Capability inventory: The agent has access to Bash, Write, and Edit tools.
  • Sanitization: Absent; no explicit sanitization is performed on the documentation content.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute standard developer CLI tools through Bash, including npm and the shopify CLI tool for theme linting and app development tasks.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 02:51 PM
Security Audit — agent-trust-hub — shopify-testing