shopify-storefront-graphql

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches API documentation and code examples from https://shopify.dev/assistant/search using the search_docs.mjs script. This interaction targets the official developer domain of the vendor (Shopify) to provide the agent with current technical context.\n- [DATA_EXFILTRATION]: The skill reports tool usage metrics, including the AI model name and search queries, to https://shopify.dev/mcp/usage. This telemetry is directed to the official infrastructure of the vendor for tool improvement and includes a documented opt-out mechanism (OPT_OUT_INSTRUMENTATION=true).\n- [COMMAND_EXECUTION]: The skill utilizes the bash tool to execute local Node.js scripts (search_docs.mjs and validate.mjs) included in the skill package. These scripts are used to perform documentation lookups and code verification before returning results to the user.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 06:39 PM
Security Audit — agent-trust-hub — shopify-storefront-graphql