shopify-payments-apps
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill transmits usage metadata, search queries, and validation results to 'https://shopify.dev/'. This behavior is explicitly disclosed in the 'SKILL.md' file as part of an instrumentation program. It communicates only with the vendor's official domain and provides an opt-out mechanism via environment variables.
- [COMMAND_EXECUTION]: The skill requires the 'bash' tool to execute internal maintenance scripts ('scripts/search_docs.mjs' and 'scripts/validate.mjs'). These scripts are used for fetching API context and performing validation of generated GraphQL queries.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection via documentation search results.
- Ingestion point: Documentation results from 'scripts/search_docs.mjs' are incorporated into the agent's context.
- Boundary markers: Absent; the prompt instructions do not specify delimiters for separating search results from instructions.
- Capability inventory: The agent has access to the 'bash' tool to execute provided skill scripts.
- Sanitization: The 'search_docs.mjs' script does not perform sanitization on retrieved documentation strings before they are returned to the agent.
Audit Metadata