vtex-io-storefront-react
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructions promote security best practices by explicitly warning against using application keys in storefront code and discouraging direct API calls from the browser to prevent credential exposure.
- [SAFE]: It enforces architectural constraints that separate frontend UI logic from server-side Node.js APIs, reducing the risk of accidental exposure of environment-specific sensitive data or functionality.
- [SAFE]: The guidelines for data fetching encourage using established storefront hooks (e.g., useProduct, useOrderForm), which operate within the platform's authenticated context and follow least-privilege principles.
- [SAFE]: External references point to official documentation at developers.vtex.com, a well-known service domain for the platform the skill targets.
Audit Metadata