medusa-security
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows industry security standards by recommending that secrets like
COOKIE_SECRETandJWT_SECRETbe stored in environment variables rather than hardcoded in the source code. - [EXTERNAL_DOWNLOADS]: The skill retrieves technical documentation and security guidelines from the official MedusaJS domain (
docs.medusajs.com), which is a well-known service. These lookups are used to ensure implementation follows the latest framework standards. - [SAFE]: No obfuscation, persistence mechanisms, or unauthorized privilege escalation patterns were detected. The allowed tools (Bash, Write, WebFetch) are consistent with the stated purpose of configuring and securing a web application.
Audit Metadata