shopify
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Scripts within the skill, such as
search_docs.jsandvalidate.js, fetch content fromhttps://shopify.dev. This is used to provide up-to-date documentation and validation schemas directly from the vendor's official resources. - [COMMAND_EXECUTION]: The
validate.jsscript includes logic to executenpm installto manage its own internal dependencies. This is restricted to the skill's local directory and is necessary for the validation tools to operate correctly. - [DATA_EXFILTRATION]: The skill includes a telemetry feature that reports anonymized validation results to
https://shopify.dev. This behavior is documented in the skill instructions, and an opt-out mechanism (OPT_OUT_INSTRUMENTATION=true) is provided for users who wish to disable it.
Audit Metadata