shopify-partner
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script
scripts/search_docs.mjsmakes network requests tohttps://shopify.dev/to fetch API documentation and send instrumentation data. These operations are directed at the official infrastructure of the skill author (Shopify). - [COMMAND_EXECUTION]: The agent is instructed to use a
bashtool to runscripts/search_docs.mjsandscripts/validate.mjs. These scripts are necessary for the skill's intended workflow of retrieving documentation context and verifying generated GraphQL operations. - [DATA_EXFILTRATION]: Telemetry data, including search queries and client identifiers (model name, client version), is reported to
shopify.dev. This data collection is disclosed in the documentation and supports an opt-out configuration via environment variables.
Audit Metadata