vtex-io-react-apps
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructions emphasize security best practices, explicitly warning developers against using `fetch()` or `axios` in components to avoid exposing authentication tokens on the client side.
- [DATA_EXPOSURE]: The skill provides guidance on using `vtex.styleguide` and `vtex.css-handles`, ensuring UI consistency and safe styling within the platform's sandbox.
- [INDIRECT_PROMPT_INJECTION]: While the skill demonstrates rendering user-generated content (e.g., product reviews), it relies on standard React rendering which provides default XSS protection. The capability of the components described is limited to UI presentation, posing a low risk of cascading injection attacks.
Audit Metadata