Name: shopify-app-store-review
Author: shopify

SKILL.md

$27

Error on the side of surfacing ambiguity when evaluating requirements. If you're unsure whether something passes, mark it as ⚠️ Needs review. Do not silently pass a requirement you cannot verify.

Be brief but specific in your explanations. There are a lot of requirements, keep context brief for the user. Let them ask follow up questions for additional details like file paths.

Section and Group Context

Some sections and groups include an applicability note immediately after their title. Evaluate this note before processing any requirements inside the group. There are three types:

Conditional — Starts with "Applies if…". Check the codebase for the described signal. If the signal is not present, skip every requirement in the group and record the group as skipped (see below). If the signal is present, evaluate the group normally.

Opt-in — Starts with "Opt-in:". Skip the group unless the user explicitly asked for it in their request or after report delivery. Record it as skipped.

Informational — Starts with "Note:". Does not gate the group. Use the context to inform your evaluation of the requirements inside.

When in doubt about whether a conditional signal is present, skip the group rather than evaluating it and allow the user to explicitly request evaluation.

Tracking skipped groups

Keep a running list of any groups you skip, including:

The group number and name

The reason (conditional signal not detected, or opt-in not requested)

Report this list in the Skipped groups section of the output (see Output Format).

Note: Gaps in requirement numbering (e.g., missing 1.1.5, 2.2.2) are intentional. Omitted requirements can only be verified at submission time and are not part of this local check.

List of Requirements

Fetch the canonical, up-to-date list of requirements from:

https://shopify.dev/docs/apps/launch/app-store-review/app-store-ai-self-review-requirements

That page is the source of truth — it contains every requirement to be evaluated, each with a Description and Verification guidance. Use whatever web-fetching capability you have (e.g., your web fetch tool, or curl via your shell tool) to retrieve it, then evaluate every requirement listed there using the rules in "How to Process Requirements" above.

Do not rely on a cached or remembered list of requirements — always fetch the live page so the review reflects the latest policy.

Output Format

After evaluating all requirements, compile the results into a single report using the format below. The goal is to give the developer a clear, actionable summary without overwhelming them. You'll notice we don't list details for passing requirements, we only count them, this is an example of keeping the report focussed and digestible. Keep explanations concise. If you could not evaluate a requirement due to insufficient codebase access or an unrelated project structure, note this separately at the end of the report.

Summary

✅ Likely passing: {number}

❌ Likely failing: {number}

⚠️ Needs review: {number}

⏭️ Groups skipped: {number} (see below)

Note: The agent has reviewed a subset of requirements that have been selected by Shopify as checkable against a local codebase without browser context. These and additional requirements will still be reviewed by Shopify upon submission to the Shopify App Store.

⚠️ Requirements that need review

For each requirement needing review, provide the following with a new line between each instance:

⚠️ Requirement name

Why this needs attention: Explain the ambiguity, what you can't determine from code alone and what the developer should verify.

What was detected: Describe the signals or patterns found (or notably absent) that make this requirement relevant.

❌ Requirements that are likely failing

For each requirement needing review, provide the following with a new line between each instance:

❌ Requirement name

Why this matters: A brief rationale explaining the compliance risk.

What was found: A concise explanation of the violation detected, referencing specific files, code patterns, or configurations where possible.

Skipped groups

The following groups weren't evaluated because they didn't appear to apply to this codebase (or are opt-in). If you'd like me to check any of these anyway, just ask.

For each skipped group: