vtex-io-react-apps
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, prompt injections, or obfuscation detected. The skill provides legitimate architectural guidance for the VTEX IO React builder ecosystem.
- [DATA_EXFILTRATION]: The skill includes a security-positive constraint that forbids direct client-side API calls via
fetchoraxiosto prevent authentication token exposure. It mandates data fetching through GraphQL, which is the recommended secure pattern for this environment. - [EXTERNAL_DOWNLOADS]: The skill references official VTEX ecosystem packages (e.g.,
vtex.styleguide,vtex.css-handles). It explicitly warns against using unverified third-party UI libraries like Material UI or Ant Design in administrative contexts to ensure compliance with VTEX App Store standards. - [COMMAND_EXECUTION]: No shell commands, subprocess spawning, or arbitrary code execution patterns were found.
Audit Metadata