bc-security
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides defensive security guidance for BigCommerce developers, focusing on best practices such as least privilege OAuth scopes, token rotation, and HMAC verification. No malicious patterns or bypass attempts were detected.
- [EXTERNAL_DOWNLOADS]: The instructions encourage fetching up-to-date documentation from the official BigCommerce developer portal (
developer.bigcommerce.com). Referencing these well-known, trusted resources for security guidelines is a safe and standard procedure. - [CREDENTIALS_UNSAFE]: The skill explicitly warns against exposing tokens and hardcoding credentials. It provides examples using generic placeholders (e.g., 'your-shared-secret') rather than actual sensitive data, and correctly recommends using environment variables for secret management.
Audit Metadata