headless-bff-architecture
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides educational content and architectural constraints for building secure Backend-for-Frontend (BFF) layers for VTEX commerce storefronts.
- [SAFE]: Includes explicit instructions and code examples to prevent the exposure of sensitive credentials such as VTEX_APP_KEY, VTEX_APP_TOKEN, and VtexIdclientAutCookie in client-side code.
- [SAFE]: Recommends security best practices such as server-side session management, input validation, and the principle of least privilege for API keys.
- [SAFE]: External references point to official VTEX documentation and domains, which are appropriate for the skill's stated purpose.
- [SAFE]: No obfuscation, prompt injection, or remote code execution patterns were identified.