shopify-testing
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The skill instructions follow standard software development practices for testing and linting within the Shopify ecosystem.
- [PROMPT_INJECTION]: The skill utilizes
WebSearchandWebFetchtools to retrieve documentation from the well-known serviceshopify.dev. This creates a surface for indirect prompt injection. - Ingestion points: Documentation fetch via
WebSearchandWebFetchinSKILL.md. - Boundary markers: Absent; there are no specific delimiters to isolate the fetched web content.
- Capability inventory: The agent has access to
Bash,Write, andEdittools. - Sanitization: Absent; no explicit sanitization is performed on the documentation content.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute standard developer CLI tools through
Bash, includingnpmand theshopifyCLI tool for theme linting and app development tasks.
Audit Metadata