commercetools-headless-commerce

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill exclusively utilizes official, well-known libraries from Commercetools (@commercetools/platform-sdk and @commercetools/ts-client) for API interaction and authentication.
  • [SAFE]: Extensive documentation is provided on preventing common vulnerabilities, specifically addressing query predicate injection through strict UUID and Email regex validation of user-supplied data.
  • [SAFE]: The session management patterns recommended in references/security.md include HMAC-signed cookies and timing-safe comparisons to prevent session tampering and forgery.
  • [SAFE]: All network operations are designed to interact with official Commercetools endpoints, and the skill correctly distinguishes between anonymous, password, and client-credentials flows for different security contexts.
  • [SAFE]: No hardcoded credentials, malicious command execution, or obfuscated patterns were detected in the skill files.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 07:33 PM