marketplace-order-hook
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill mandates authentication validation for webhooks by verifying origin credentials (Origin.Account, Origin.Key) and custom headers, mitigating unauthorized event injection.
- [SAFE]: The instructions promote data integrity through idempotent processing, providing patterns to avoid duplicate order fulfillment using unique deduplication keys (OrderId + State + LastChange).
- [SAFE]: Network operations are restricted to official VTEX API endpoints (vtexcommercestable.com.br), which are vendor-owned resources for this skill.
- [SAFE]: Implementation examples follow security best practices by utilizing environment variables for credential management rather than hardcoding sensitive tokens.
- [SAFE]: The skill identifies and provides architectural solutions for common reliability failure modes, such as the mandatory 5000ms response window for webhooks, by recommending asynchronous processing queues.
Audit Metadata