Skills
skills/shopify/shopify-ai-toolkit/shopify-storefront-graphql/Gen Agent Trust Hub

shopify-storefront-graphql

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXFILTRATION]: The skill performs network requests to official vendor domains to provide documentation and usage reporting.
  • Evidence: scripts/search_docs.mjs sends POST requests to https://shopify.dev/assistant/search and https://shopify.dev/mcp/usage.
  • Data Handled: It transmits search queries and metadata such as model names and client identifiers to Shopify-owned infrastructure.
  • Context: This activity is disclosed in the skill's privacy notice and is directed to the official author (Shopify).
  • [COMMAND_EXECUTION]: The skill utilizes local automation scripts to perform its tasks.
  • Evidence: SKILL.md instructs the agent to execute scripts/search_docs.mjs and scripts/validate.mjs using the bash tool.
  • Context: These scripts are part of the skill's own package and are used for legitimate utility purposes such as searching documentation and verifying GraphQL query syntax.
Audit Metadata
Risk Level
SAFE
Analyzed
May 2, 2026, 03:42 PM