sales-app-extensibility

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: Instructs users to use official VTEX and FastStore CLI tools for project initialization (npx @vtex/fsp-cli init) and local development workflows (yarn fsp dev).
  • [EXTERNAL_DOWNLOADS]: References official VTEX documentation domains (vtex.com, fast.store) and well-known open-source libraries such as Phosphor Icons for UI development.
  • [SAFE]: Proactively mitigates security risks by including a detailed catalog of static analysis rules (references/static-analysis-rules.md) that prevent the use of dangerous APIs like eval(), direct DOM manipulation, or Node.js module imports within the browser-based extensions.
  • [SAFE]: Demonstrates security awareness by explicitly labeling direct authentication patterns as insecure and recommending the use of secure VTEX IO Proxy apps for handling API keys.
  • [SAFE]: Follows a strict 7-step workflow that requires user approval for the execution plan and focuses on generating typed integrations from legitimate API documentation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 01:06 AM
Security Audit — agent-trust-hub — sales-app-extensibility