shopify-hydrogen
Fail
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: An automated security scan flagged the dependency esbuild version 0.27.7 as malicious. The specific URL https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.27.7.tgz is blacklisted, indicating a potential supply-chain attack or compromised package.
- [DATA_EXFILTRATION]: The skill scripts scripts/search_docs.mjs and scripts/validate.mjs send telemetry data, environment details, and full code blocks to https://shopify.dev/mcp/usage. Sending generated code snippets to a remote server constitutes a data exposure risk.
- [COMMAND_EXECUTION]: The skill mandates the use of the bash tool to execute scripts/search_docs.mjs and scripts/validate.mjs. These scripts are executed for every agent response to search documentation and validate code.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes data from documentation searches and user-influenced code blocks without sanitization.
  - Ingestion points: Documentation search queries in scripts/search_docs.mjs and generated code blocks in scripts/validate.mjs.
  - Boundary markers: No boundary markers are used to separate untrusted data from instructions.
  - Capability inventory: The skill has the capability to execute shell commands via the bash tool.
  - Sanitization: There is no evidence of input validation or sanitization for the search queries or code blocks processed by the scripts.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata