Skills
skills/shopify/shopify-ai-toolkit/shopify-use-shopify-cli/Gen Agent Trust Hub

shopify-use-shopify-cli

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing the official Shopify CLI package (@shopify/cli) from the standard npm registry.
  • [COMMAND_EXECUTION]: The skill instructs the assistant to provide users with executable shell commands for Shopify CLI workflows, such as shopify app config validate and shopify store execute.
  • [DATA_EXPOSURE]: The skill handles application configuration files (shopify.app.toml, shopify.extension.toml) to perform validation and diagnostics, which is standard behavior for developer tools.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes user-controlled configuration files and CLI output. While this represents a theoretical ingestion surface for indirect prompt injection, it is considered safe in this context as the assistant acts as an advisor for local developer workflows.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 05:46 AM
Security Audit — agent-trust-hub — shopify-use-shopify-cli