storefront-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWNO_CODE
Full Analysis
- [SAFE] (INFO): No malicious patterns were detected. The skill consists entirely of Markdown documentation providing architectural and UI/UX guidance.
- [NO_CODE] (INFO): No executable scripts (Python, JavaScript, or Shell) or tool configurations were found within the skill files.
- [Data Exposure & Exfiltration] (INFO): The skill mentions standard web persistence mechanisms like cookies and localStorage for managing user state (cart, country selection), but no sensitive data exposure or exfiltration vectors are present.
- [Indirect Prompt Injection] (INFO): While the documentation describes components that process user-generated content (reviews, search), it does not create a vulnerability surface for the agent as there is no data ingestion logic included.
- [Unverifiable Dependencies & Remote Code Execution] (INFO): No remote dependencies or script execution patterns were identified.
Audit Metadata