Shopify Ads Helper

Security checks across malware telemetry and agentic risk

Overview

This skill is a non-executable Shopify ads advisory helper with one minor trigger-scope issue but no hidden actions or privileged access.

Install only if you want advisory help with Shopify paid ads and attribution. Provide only the store and ad-performance details needed for a specific question, and manually review any suggested budget, tracking, or checkout changes before applying them in Shopify or ad platforms.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger keywords are broad enough to activate on generic ecommerce or checkout conversations that are not specifically about Shopify paid ads workflows. Over-broad activation can cause inappropriate skill invocation, leading the agent to apply domain-specific recommendations in the wrong context, which is a real security and safety issue because it increases the chance of unintended tool use or misleading guidance.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal