deco-start-architecture
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The documentation describes a legitimate framework architecture for headless CMS integration. The dynamic resolution engine and the RPC-style invoke protocol are standard, functional components of the deco-start system.
- [SAFE]: No evidence of prompt injection, unauthorized data access, or hardcoded credentials was found in the analyzed architectural references.
- [SAFE]: The framework utilities, such as the useScript function for SSR script injection, are documented with performance-oriented features like minification and LRU caching rather than malicious obfuscation.
- [SAFE]: All identified external dependencies and service references (e.g., TanStack, React, Cloudflare, VTEX, Shopify) are well-known industry standards consistent with the framework's stated purpose.
Audit Metadata