vtex-io-masterdata
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is purely educational and instructional, focusing on best practices for VTEX IO development. No malicious patterns, prompt injections, or unauthorized data access attempts were detected.
- [CREDENTIALS_UNSAFE]: The document references authentication headers (X-VTEX-API-AppKey, X-VTEX-API-AppToken) and environment variables within 'Wrong' code examples. These are used to demonstrate insecure implementation patterns and warn developers against them; no hardcoded secrets or actual credentials are present.
- [COMMAND_EXECUTION]: Includes example bash commands (curl) for interacting with official VTEX APIs (vtexcommercestable.com.br). These are provided for administrative reference (e.g., schema cleanup) and follow standard platform management procedures.
- [EXTERNAL_DOWNLOADS]: Mentions official and well-known Node.js packages such as @vtex/clients and p-queue. These are standard dependencies for the VTEX IO ecosystem and are used in a legitimate context.
Audit Metadata