spree-headless-storefront

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a technical guide for using the official Spree Commerce headless storefront. All external resources, including documentation and code repositories, originate from the official Spree Commerce organization on GitHub or their authoritative domains.
  • [EXTERNAL_DOWNLOADS]: Instructs the agent to fetch documentation and clone the storefront code from official Spree repositories. These downloads are from well-known technology providers and follow the intended purpose of the skill.
  • [COMMAND_EXECUTION]: Provides standard shell commands for cloning repositories, installing Node.js dependencies, and running a local development environment. These are routine actions for software development skills.
  • [CREDENTIALS_UNSAFE]: The skill demonstrates safe credential management practices. It instructs the use of a .env.local file for secrets, emphasizes that sensitive user JWTs should be stored in httpOnly cookies via server actions, and warns against exposing admin API keys or server-side Sentry DSNs to the client bundle.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 02:51 PM
Security Audit — agent-trust-hub — spree-headless-storefront