marketplace-order-hook
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides comprehensive security guidance for implementing VTEX order hooks. It includes specific constraints to validate authentication headers and origin credentials (Origin.Account, Origin.Key), preventing unauthorized fulfillment requests.
- [SAFE]: Implementation patterns use environment variables (process.env.VTEX_APP_KEY, process.env.HOOK_SECRET) instead of hardcoded secrets, following security best practices.
- [SAFE]: All external links and API base URLs (vtexcommercestable.com.br, developers.vtex.com) refer to official VTEX platform documentation and services.
- [SAFE]: No obfuscation, prompt injection, or suspicious network exfiltration patterns were identified.
Audit Metadata