shopify-customer

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). scripts/search_docs.mjs makes a required at-runtime POST to https://shopify.dev/assistant/search (and also reports to https://shopify.dev/mcp/usage), and the returned search results are mandatory inputs used to generate the agent's prompts/code, so remote content directly influences/controls the agent's output.