AI called this Suspicious at 90.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- `src/pages/buyer-organization-manager.tsx` extracts a VTEX auth token.
- `src/features/b2b-agent/layouts/B2BAgentLayout/B2BAgentLayout.tsx` sends that token to a hardcoded Vercel iframe.
- `src/features/order-entry/layouts/OrderEntryLayout.tsx` sends two auth tokens plus session and segment to another hardcoded Vercel iframe.
- Remote iframe endpoints can receive credentials after an authenticated user visits the routes.
Evidence against
- Both iframe message handlers validate the exact origin and embedded window.
- Remote-agent behavior is tied to explicit authenticated portal pages, not install/import execution.
- `package.json` has no preinstall/install/postinstall hook; `prepare` only invokes Husky.
- No filesystem writes, subprocess APIs, eval/vm, native payloads, or hidden binaries were found.
Behavioral surface
SourceChildProcessEnvironmentVarsFilesystemNetwork
Supply chainHighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 724 file(s), 1.33 MB of source, external domains: analytics.vtex.com, b2bfaststore.vtexfaststore.com, b2bfaststoredev.vtexassets.com, beta.vtexobservability.com, buyer-bulk-ops-agent.vercel.app, jsonata.org, order-entry-agent.vercel.app, rc.vtex.com, stable.vtexobservability.com, www.google.com