shopify-app-dev

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill defines a workflow that relies on fetching external data from shopify.dev and GitHub to inform the agent's actions.
  • Ingestion points: The agent uses WebSearch and WebFetch to retrieve real-time documentation and template code from external web sources.
  • Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat fetched content as untrusted data or to ignore embedded instructions.
  • Capability inventory: The skill allows the use of Write, Edit, and Bash tools, which could be leveraged to modify the local environment or codebase based on fetched content.
  • Sanitization: The skill does not specify any sanitization, filtering, or validation steps for the content retrieved from external URLs before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 31, 2026, 06:10 AM
Security Audit — agent-trust-hub — shopify-app-dev