vtex-io-events-and-workers
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a best-practices guide for VTEX IO developers and agents. It promotes secure design patterns such as idempotency to prevent duplicate side effects in asynchronous handlers.
- [DATA_EXFILTRATION]: The skill's 'Common failure modes' section specifically warns against logging full event payloads, which may contain secrets or tokens. Avoiding such logging is a key security best practice.
- [REMOTE_CODE_EXECUTION]: No patterns for remote code execution, package installation, or dynamic script execution were identified.
- [COMMAND_EXECUTION]: The skill does not contain any shell commands, subprocess spawning, or dynamic context injection patterns.
- [CREDENTIALS_UNSAFE]: No hardcoded credentials or unsafe secret handling practices were found. It correctly suggests using environment-specific mechanisms and storage services (VBase, Master Data) for state management.
Audit Metadata