medusa-storefront

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill contains standard technical documentation, directory structures, and code snippets for implementing a MedusaJS storefront with Next.js 15.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to use WebSearch and WebFetch to retrieve official documentation from docs.medusajs.com and the official starter template from the medusajs GitHub organization. These are well-known, legitimate sources for the technology being integrated.
  • [COMMAND_EXECUTION]: While the skill allows the Bash tool, its instructions focus on code generation and project structure rather than executing arbitrary or dangerous commands. Standard shell commands for package management or project initialization are expected in this developer context.
  • [CREDENTIALS_UNSAFE]: The skill includes placeholders for environment variables (NEXT_PUBLIC_MEDUSA_PUBLISHABLE_KEY=pk_...). These are safe examples of public-facing API keys required for storefront functionality and do not contain sensitive secrets.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 02:51 PM
Security Audit — agent-trust-hub — medusa-storefront