payment-async-flow

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Full Analysis

The security analysis of the provided skill did not identify any malicious patterns or vulnerabilities. The skill's content is consistent with its stated purpose of documenting payment integration flows.

  • [SAFE]: The code snippets follow secure implementation patterns for the VTEX platform.
  • Credentials (API Keys and Tokens) are managed via environment variables rather than being hardcoded.
  • The skill correctly instructs developers to use signed callback URLs provided by the platform, which includes mandatory signature validation to prevent unauthorized notifications.
  • Network operations (fetch) are directed toward platform-managed endpoints for payment status updates, which is the intended functionality of a payment connector.
  • The use of the @vtex/payment-provider package is consistent with official platform development standards.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 01:06 AM
Security Audit — agent-trust-hub — payment-async-flow