enable-shopify-cms
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE
Full Analysis
- External Data Ingestion: The skill describes fetching content from Shopify's Storefront API. While this involves processing external data, the instructions focus on transforming this data into strongly-typed domain objects, which is a standard practice for maintaining application stability.
- Webhook Security Implementation: The implementation guide for the cache invalidation endpoint includes a placeholder for Shopify webhook signature verification. This emphasizes the security requirement of authenticating incoming requests to prevent unauthorized cache manipulation.
- Tooling Integration: References to development tools like shopify-ai-toolkit and schema fetching commands are consistent with the intended workflow of building Shopify-backed storefronts and do not introduce unusual execution patterns.
- Indirect Prompt Injection Surface: As the skill enables the ingestion of content from a remote CMS, there is a potential surface for indirect prompt injection if an agent later processes this content. The provided structure uses domain types and JSON parsing, which provides a layer of data isolation compared to free-text ingestion.
Audit Metadata