vtex-io-security-boundaries
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill documents defensive coding practices for VTEX IO services, such as validating untrusted input from
ctx.request.bodybefore processing it. - [SAFE]: It provides explicit instructions to prevent data exposure by mandating minimal response shapes and prohibiting the return of raw downstream payloads.
- [SAFE]: The guidelines include security-focused logging practices, specifically requiring the use of
ctx.vtex.loggerand the exclusion of sensitive headers or secrets from logs. - [SAFE]: It enforces multi-tenancy security by instructing agents to explicitly check
ctx.vtex.accountandctx.vtex.workspaceto prevent cross-context data leakage. - [SAFE]: External references point to official VTEX documentation (
developers.vtex.com), which is an established and trusted domain for this vendor context.
Audit Metadata