vtex-io-events-and-workers
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: This skill outlines patterns for processing external asynchronous data (events) via the
ctx.bodyobject. This represents a potential surface for indirect prompt injection where data from external systems enters the execution context.\n - Ingestion points:
ctx.bodyin event handlers (e.g.,handleOrderCreated).\n - Boundary markers: The skill does not explicitly define delimiters for external data in its examples.\n
- Capability inventory: The skill examples demonstrate use of
ctx.clientsto interact with external APIs (partnerApi) and internal storage (statusStore,VBase,Master Data).\n - Sanitization: Not explicitly covered; the skill focuses on idempotency rather than payload sanitization.\n- [DATA_EXPOSURE]: The skill includes positive security advice in its 'Common failure modes' section, explicitly warning developers not to log full event payloads that might contain secrets or tokens, recommending the use of IDs and metadata instead.
Audit Metadata