Shopify Directory

Pass

Audited by VirusTotal on May 14, 2026.

Findings (1)

The skill acts as a directory that instructs the agent to fetch and follow instructions from external URLs (e.g., lobsterbrew.com/skill.md). While this behavior is aligned with the stated purpose of merchant discovery, the instruction to treat external, dynamically fetched content as the 'source of truth' creates a significant risk for indirect prompt injection. The skill explicitly advises against collecting payment information, suggesting no immediate malicious intent, but the architectural pattern of fetching remote instructions is inherently risky.