vtex-io-auth-tokens-and-context
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides development guidelines for VTEX IO applications, specifically focusing on the secure selection and propagation of authentication tokens.
- [CREDENTIALS_UNSAFE]: The instructions explicitly forbid hardcoding sensitive credentials such as
appKeyandappToken, instead advocating for the use of context-aware tokens (ctx.authToken,ctx.storeUserAuthToken,ctx.adminUserAuthToken). It also warns against logging raw tokens or returning them in API responses. - [PROMPT_INJECTION]: The content consists of legitimate technical instructions and code examples without any attempts to override agent behavior or bypass safety protocols.
- [DATA_EXFILTRATION]: No unauthorized network operations or access to sensitive local file paths (like SSH keys or environment files) were detected. All external references target official VTEX documentation.
- [COMMAND_EXECUTION]: The skill does not contain any shell command execution or subprocess spawning patterns.
Audit Metadata