marketplace-order-hook

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill mandates authentication validation for webhooks by verifying origin credentials (Origin.Account, Origin.Key) and custom headers, mitigating unauthorized event injection.
  • [SAFE]: The instructions promote data integrity through idempotent processing, providing patterns to avoid duplicate order fulfillment using unique deduplication keys (OrderId + State + LastChange).
  • [SAFE]: Network operations are restricted to official VTEX API endpoints (vtexcommercestable.com.br), which are vendor-owned resources for this skill.
  • [SAFE]: Implementation examples follow security best practices by utilizing environment variables for credential management rather than hardcoding sensitive tokens.
  • [SAFE]: The skill identifies and provides architectural solutions for common reliability failure modes, such as the mandatory 5000ms response window for webhooks, by recommending asynchronous processing queues.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 01:06 AM
Security Audit — agent-trust-hub — marketplace-order-hook