payment-async-flow
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
The security analysis of the provided skill did not identify any malicious patterns or vulnerabilities. The skill's content is consistent with its stated purpose of documenting payment integration flows.
- [SAFE]: The code snippets follow secure implementation patterns for the VTEX platform.
- Credentials (API Keys and Tokens) are managed via environment variables rather than being hardcoded.
- The skill correctly instructs developers to use signed callback URLs provided by the platform, which includes mandatory signature validation to prevent unauthorized notifications.
- Network operations (fetch) are directed toward platform-managed endpoints for payment status updates, which is the intended functionality of a payment connector.
- The use of the
@vtex/payment-providerpackage is consistent with official platform development standards.
Audit Metadata