shopify-development

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes explicit runtime code and workflow that fetches and processes data from external merchant shop domains and arbitrary external APIs—e.g., scripts/shopify_graphql.py calling https://{shop}/admin/api/... and references/extensions.md showing fetch("https://your-app.com/api/data") as part of normal GraphQL queries, webhook handlers, and extension network requests—so untrusted third-party content is ingested and can directly influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly includes billing and subscription capabilities: triggers mention "shopify billing" and "app subscription"; the guidance lists "Implementing webhooks or billing"; reference files call out "billing API integration" and "GraphQL mutations for products/orders/billing"; and Shopify Functions for discounts/payment/delivery are referenced. Those are specific, platform billing/payment APIs (used to create charges/subscriptions and affect checkout/payment behavior), so this skill is explicitly designed to perform financial operations.