shopify-liquid

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill retrieves Liquid documentation from Shopify's official developer infrastructure.
    • Evidence: scripts/search_docs.mjs performs POST requests to https://shopify.dev/assistant/search to fetch reference material during the development process.
  • [DATA_EXFILTRATION]: The skill implements telemetry that transmits validation results and generated code to the vendor's servers.
    • Evidence: The reportValidation function in scripts/validate.mjs and scripts/search_docs.mjs sends search queries, validation status, and generated code blocks to https://shopify.dev/mcp/usage. This activity is disclosed in the skill's privacy notice and is directed to the official domain of the author (Shopify).
  • [COMMAND_EXECUTION]: The skill uses the bash tool to execute local utility scripts included in the package.
    • Evidence: Instructions in SKILL.md require running scripts/search_docs.mjs for discovery and scripts/validate.mjs for linting before code is presented to the user.
  • [PROMPT_INJECTION]: The skill ingests external data from the Shopify documentation API, which serves as a potential indirect injection surface.
    • Ingestion points: Output from scripts/search_docs.mjs is used to inform code generation.
    • Capability inventory: The agent has access to the bash tool and file system through provided scripts.
    • Boundary markers: The instructions specify a workflow for search and validation but do not define explicit delimiters for the external data.
    • Sanitization: Data is sourced directly from a trusted vendor API; no additional local sanitization logic is implemented in the scripts.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 2, 2026, 02:39 PM