shopify-app-store-review
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it requires the agent to read and evaluate arbitrary content from a local codebase. Maliciously crafted comments or strings within the reviewed code could potentially manipulate the agent's evaluation logic or output.
  - Ingestion points: The agent is instructed to search and read relevant code, configuration files, and API calls across the entire project codebase (SKILL.md).
  - Boundary markers: Absent. There are no instructions or delimiters provided to ensure the agent distinguishes between the code being analyzed and instructions meant for the agent itself.
  - Capability inventory: The agent possesses the capability to read any file in the workspace and generate a compliance report, which could be subverted to hide violations or exfiltrate metadata through descriptions if manipulated.
  - Sanitization: Absent. The skill provides no mechanisms for escaping or validating the content found within the developer's codebase before processing.
Audit Metadata