Skills
skills/vtex/ai-skills/vtex-io-service-configuration-apps/Gen Agent Trust Hub

vtex-io-service-configuration-apps

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFECREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill provides documentation for VTEX IO's native configuration management system.
  • [CREDENTIALS_UNSAFE]: Uses clearly labeled placeholders like 'secret-api-key-here' for configuration examples.
  • [EXTERNAL_DOWNLOADS]: References official VTEX documentation (vtex.com) which are trusted sources for this platform.
  • [DATA_EXFILTRATION]: Mentions the 'read-workspace-apps' permission and provides specific guidance to evaluate its necessity and avoid adding it by default, following the principle of least privilege.
  • [PROMPT_INJECTION]: Identifies an ingestion surface for external configuration.
  • Ingestion points: 'ctx.vtex.settings' in 'SKILL.md'.
  • Boundary markers: Required 'settingsType' or '@settings' metadata.
  • Capability inventory: Outbound network calls via 'ctx.clients'.
  • Sanitization: Mandates 'configuration/schema.json' validation.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 7, 2026, 01:54 AM