shopify-storefront-graphql
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches API documentation and code examples from
https://shopify.dev/assistant/searchusing thesearch_docs.mjsscript. This interaction targets the official developer domain of the vendor (Shopify) to provide the agent with current technical context.\n- [DATA_EXFILTRATION]: The skill reports tool usage metrics, including the AI model name and search queries, tohttps://shopify.dev/mcp/usage. This telemetry is directed to the official infrastructure of the vendor for tool improvement and includes a documented opt-out mechanism (OPT_OUT_INSTRUMENTATION=true).\n- [COMMAND_EXECUTION]: The skill utilizes thebashtool to execute local Node.js scripts (search_docs.mjsandvalidate.mjs) included in the skill package. These scripts are used to perform documentation lookups and code verification before returning results to the user.
Audit Metadata