sales-app-extensibility
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: Instructs users to use official VTEX and FastStore CLI tools for project initialization (
npx @vtex/fsp-cli init) and local development workflows (yarn fsp dev). - [EXTERNAL_DOWNLOADS]: References official VTEX documentation domains (
vtex.com,fast.store) and well-known open-source libraries such as Phosphor Icons for UI development. - [SAFE]: Proactively mitigates security risks by including a detailed catalog of static analysis rules (
references/static-analysis-rules.md) that prevent the use of dangerous APIs likeeval(), direct DOM manipulation, or Node.js module imports within the browser-based extensions. - [SAFE]: Demonstrates security awareness by explicitly labeling direct authentication patterns as insecure and recommending the use of secure VTEX IO Proxy apps for handling API keys.
- [SAFE]: Follows a strict 7-step workflow that requires user approval for the execution plan and focuses on generating typed integrations from legitimate API documentation.
Audit Metadata