shopify-testing

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions for running official shopify CLI commands (e.g., theme check, app function run) and standard build/test scripts (npm run test). These are standard development operations performed in the local environment or CI/CD pipelines.
  • [EXTERNAL_DOWNLOADS]: Recommends using official GitHub Actions (actions/checkout, actions/setup-node) and installing project dependencies via npm ci. These resources are sourced from trusted, well-known providers.
  • [PROMPT_INJECTION]: The skill utilizes external documentation to guide the agent. Ingestion points: Fetches live documentation from shopify.dev using WebSearch and WebFetch tools as specified in SKILL.md. Boundary markers: None are explicitly defined to isolate the fetched documentation from the agent's instructions. Capability inventory: The agent has access to Bash, Write, and Edit tools for implementing tests and project configurations. Sanitization: No explicit validation or sanitization of the fetched external documentation is performed before it is used to guide file modifications.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 31, 2026, 06:10 AM
Security Audit — agent-trust-hub — shopify-testing