shopify-app-dev
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines a workflow that relies on fetching external data from
shopify.devand GitHub to inform the agent's actions. - Ingestion points: The agent uses
WebSearchandWebFetchto retrieve real-time documentation and template code from external web sources. - Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat fetched content as untrusted data or to ignore embedded instructions.
- Capability inventory: The skill allows the use of
Write,Edit, andBashtools, which could be leveraged to modify the local environment or codebase based on fetched content. - Sanitization: The skill does not specify any sanitization, filtering, or validation steps for the content retrieved from external URLs before it is processed by the agent.
Audit Metadata