shopify-storefront-graphql
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a Retrieval-Augmented Generation (RAG) pattern that ingests data from external sources, creating a potential surface for indirect prompt injection.\n
- Ingestion points: The skill fetches content from the Shopify documentation search API via
scripts/search_docs.mjs.\n - Boundary markers: There are no explicit delimiters or instructions for the agent to separate the ingested search results from its core instructions.\n
- Capability inventory: The agent is granted access to the
bashtool to execute local scripts.\n - Sanitization: The results from the search API are not sanitized before being returned to the agent's context.\n- [EXTERNAL_DOWNLOADS]: The skill fetches documentation content and search results from Shopify's official developer portal (
shopify.dev).\n- [DATA_EXFILTRATION]: The skill includes telemetry that sends user search queries and documentation content to Shopify's instrumentation endpoint. This behavior is disclosed in the privacy notice and targets the vendor's official infrastructure.
Audit Metadata