shopify-polaris-checkout-extensions

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses the fetch API to interact with shopify.dev for documentation searching and usage reporting. These interactions target official Shopify infrastructure and are consistent with the skill's documented purpose.
  • [COMMAND_EXECUTION]: The skill instructions direct the AI to use local scripts (search_docs.mjs and validate.mjs) for searching documentation and validating generated code. These scripts use standard Node.js APIs and the TypeScript compiler to ensure code quality.
  • [DATA_EXFILTRATION]: Instrumentation logic in the validation script reports anonymized results to shopify.dev. This behavior is explicitly disclosed to the user in the skill documentation and targets the vendor's official domain.
  • [DYNAMIC_EXECUTION]: The validation script uses the TypeScript language service to perform semantic analysis and validation on generated code blocks at runtime. This is a controlled use of dynamic compilation, intended to prevent returning invalid code to the user.
Audit Metadata
Risk Level: SAFE
Analyzed: May 2, 2026, 04:36 PM