shopify-onboarding-merchant

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to fetch and "Execute its instructions exactly as written" from the public URL https://www.shopify.com/SKILL.md, meaning untrusted third-party webpage content will be read and used to drive actions and could inject instructions into the agent's workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs the agent to fetch and "Execute its instructions exactly as written" from https://www.shopify.com/SKILL.md at runtime, so the external content directly controls agent instructions and may include executable installation/authentication commands.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt tells the agent to fetch and "execute its instructions exactly" from an external SKILL.md which includes CLI and plugin installation and environment setup—actions that can require installing software, running privileged commands, or changing system configuration—so it encourages modifying the host system state.