commerce-app-admin-ui
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides structured instructions for extending Adobe Commerce using official Adobe SDKs. It emphasizes security best practices, such as requiring Adobe IMS authentication (
require-adobe-auth: true) and utilizingfinal: trueannotations for runtime actions to prevent unauthorized access or parameter tampering. - [COMMAND_EXECUTION]: Instructs the agent to execute standard Adobe development tools, specifically
npx @adobe/aio-commerce-lib-app initfor project setup andaio app buildfor configuration validation. These commands are native to the Adobe App Builder ecosystem and are used within their intended scope. - [EXTERNAL_DOWNLOADS]: Declares dependencies on official Adobe NPM packages, including
@adobe/aio-commerce-lib-appand@adobe/aio-commerce-sdk. These packages are from a well-known service and are necessary for the skill's functionality. - [PROMPT_INJECTION]:
- Ingestion points: The skill interacts with local configuration files (
app.commerce.config.ts,ext.config.yaml) and provides templates for handlers that receive entity IDs from Adobe Commerce. - Boundary markers: Instructions mandate the use of SDK-provided request parsers (e.g.,
parseGridRequest,parseMassActionRequest) which establish clear boundaries for external data. - Capability inventory: The skill facilitates file system writes for handler creation and execution of build/initialization CLI commands.
- Sanitization: Relies on the
@adobe/aio-commerce-sdkwire-contract builders to validate and sanitize incoming data structures from Commerce before they are processed by the business logic.
Audit Metadata