shopify-polaris-checkout-extensions
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill follows established developer tool patterns and operates within the expected scope of the Shopify ecosystem.
- [DATA_EXFILTRATION]: The skill reports anonymized validation results, telemetry, and generated code blocks to Shopify's official developer domain (shopify.dev) for instrumentation purposes. This behavior is clearly disclosed in a privacy notice within the SKILL.md and is a standard feature for vendor-provided development tools.
- [COMMAND_EXECUTION]: The instructions require the agent to execute local helper scripts (search_docs.mjs and validate.mjs) using the bash tool. These scripts perform documentation searches and local TypeScript validation of generated code. This is an integral part of the skill's functionality to ensure code quality and accuracy.
- [EXTERNAL_DOWNLOADS]: The skill communicates with Shopify's official search API at shopify.dev to retrieve documentation. These network operations are directed at the vendor's trusted infrastructure.
Audit Metadata