building-with-medusa
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The documentation contains specific instructions for the AI agent (referred to as 'Claude Code') to use a
TodoWritetool for task tracking. This is a legitimate workflow instruction and does not attempt to bypass safety filters or ignore previous instructions. - Unverifiable Dependencies (SAFE): The guide references standard industry packages such as
@medusajs/framework,@medusajs/js-sdk, and@tanstack/react-query. No suspicious or unversioned remote downloads are present. - Command Execution (SAFE): The command-line examples (
npx medusa db:generate,npx medusa db:migrate) are standard operations for the Medusa framework and are intended for developer/agent use during legitimate setup. - Data Exposure (SAFE): No hardcoded credentials, API keys, or sensitive file paths (like
.sshor.aws) were detected in the examples.
Audit Metadata