shopify-onboarding-merchant
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill installs and executes the official Shopify CLI tool to facilitate store authentication and data management tasks. It utilizes platform-specific commands for installation, such as global npm installation or Homebrew on macOS.
- [EXTERNAL_DOWNLOADS]: The skill downloads necessary development tools from trusted and well-known registries, specifically the NPM registry and Shopify's official Homebrew tap.
- [SAFE]: To mitigate command injection risks, the skill explicitly instructs the agent to write merchant-provided data (like product titles and descriptions from CSV files) into temporary JSON files rather than passing them as direct shell arguments.
- [SAFE]: All external URLs and resources identified, including store signup pages and migration guides, are hosted on official Shopify domains.
Audit Metadata