The Agent Skills Directory

[COMMAND_EXECUTION]: The skill instructs the agent to run curl -s "<product_url>.json". Because the <product_url> comes from user input and is interpolated directly into a shell command, it is susceptible to command injection. An attacker could provide a URL containing shell metacharacters (e.g., ;, `, $()) to execute arbitrary commands.\n- [DATA_EXFILTRATION]: The use of curl with user-controlled URLs can be abused to send local data to an external server. In combination with the command injection vulnerability, this could be used to exfiltrate sensitive files or environment variables from the agent's environment.\n- [PROMPT_INJECTION]: The skill processes data from external URLs, creating a surface for indirect prompt injection.\n
Ingestion points: Shopify product JSON fetched from external URLs via curl.\n
Boundary markers: None present; the skill treats the fetched JSON as trusted data and extracts specific fields for further use.\n
Capability inventory: Access to the curl tool for network requests and potential shell execution.\n
Sanitization: The instructions only specify stripping query parameters from the URL, which is insufficient to prevent command injection or to validate that the domain is a legitimate Shopify store.

shopify-storefront