vtex-io-client-integration
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill follows platform-specific best practices and does not contain malicious code or instructions.
- [EXTERNAL_DOWNLOADS]: The skill references official vendor packages such as @vtex/api and @vtex/clients for integration purposes. These are trusted resources within the VTEX ecosystem.
- [PROMPT_INJECTION]: The skill demonstrates handling untrusted input from request parameters (e.g., city names or order IDs) and interpolating it into API request paths. This is a common pattern for indirect prompt injection surfaces in integration skills. Ingestion points: ctx.vtex.route.params.id in route handlers. Capability inventory: Outbound HTTP requests via ctx.clients. Boundary markers: None. Sanitization: Not explicitly shown in example code snippets.
Audit Metadata