vtex-io-client-integration

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill follows platform-specific best practices and does not contain malicious code or instructions.
  • [EXTERNAL_DOWNLOADS]: The skill references official vendor packages such as @vtex/api and @vtex/clients for integration purposes. These are trusted resources within the VTEX ecosystem.
  • [PROMPT_INJECTION]: The skill demonstrates handling untrusted input from request parameters (e.g., city names or order IDs) and interpolating it into API request paths. This is a common pattern for indirect prompt injection surfaces in integration skills. Ingestion points: ctx.vtex.route.params.id in route handlers. Capability inventory: Outbound HTTP requests via ctx.clients. Boundary markers: None. Sanitization: Not explicitly shown in example code snippets.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 01:06 AM
Security Audit — agent-trust-hub — vtex-io-client-integration