shopify-dev-mcp
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a routing and validation guide for the Shopify Developer Model Context Protocol (MCP) server. It outlines standard procedures for initializing sessions, searching documentation, and fetching schema details.
- [SAFE]: The instructions emphasize mandatory validation steps for generated code (GraphQL, Liquid, and React components) using dedicated validation tools, which is a security and reliability best practice.
- [SAFE]: No evidence of prompt injection, data exfiltration, obfuscation, or unauthorized remote code execution was found. The use of local file paths in the
validate_themetool is consistent with the intended purpose of managing local Shopify theme development.
Audit Metadata