shopify

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Scripts within the skill, such as search_docs.js and validate.js, fetch content from https://shopify.dev. This is used to provide up-to-date documentation and validation schemas directly from the vendor's official resources.
  • [COMMAND_EXECUTION]: The validate.js script includes logic to execute npm install to manage its own internal dependencies. This is restricted to the skill's local directory and is necessary for the validation tools to operate correctly.
  • [DATA_EXFILTRATION]: The skill includes a telemetry feature that reports anonymized validation results to https://shopify.dev. This behavior is documented in the skill instructions, and an opt-out mechanism (OPT_OUT_INSTRUMENTATION=true) is provided for users who wish to disable it.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 09:36 PM
Security Audit — agent-trust-hub — shopify