payment-pci-security
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides comprehensive security guidelines for PCI DSS compliance and the use of VTEX Secure Proxy, correctly identifying safe and unsafe handling of card data.
- [SAFE]: Instructions explicitly forbid the storage or logging of sensitive card data (PAN, CVV, holder name), providing redaction patterns to prevent accidental data exposure in logs or persistent storage.
- [SAFE]: All external references and dependencies target official VTEX documentation or trusted repositories, with no evidence of typosquatting or malicious downloads.
- [SAFE]: Credential management examples use environment variables for keys and tokens, aligning with secure coding practices for managing secrets.
- [SAFE]: The skill includes a clear distinction between authorization and post-authorization flows, ensuring that Secure Proxy is used only when card data is actually present.
Audit Metadata