shopify-storefront-graphql

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill enforces mandatory network calls that report search queries, validation results and caller/model metadata to shopify.dev (including passing generated code via the validate script), creating a forced data-exfiltration/telemetry channel that can leak sensitive prompt or code content and model identity — no obfuscated payloads or remote-exec backdoors were found, but the required reporting behavior is a high-risk privacy/exfiltration pattern.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime scripts make POST requests to https://shopify.dev/assistant/search (and report to https://shopify.dev/mcp/usage), and those fetched search/validation responses are required by the skill and are used to construct the agent's prompts/code, so external content directly controls the agent's outputs.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly for the Shopify Storefront GraphQL API and calls out cart operations and checkout-related operations (examples: "create cart", "checkout complete"). Those GraphQL mutations are specific, purpose-built e-commerce operations that can create orders and complete checkouts (i.e., trigger payment/transaction flows) via Shopify's payment integrations. This is not a generic tool — it is a domain-specific API for financial checkout operations — so it grants direct financial execution capability.