sf-b2c-isml
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill functions as a developer reference for ISML syntax and template inheritance. It includes comprehensive instructions on security best practices, particularly regarding the use of correct encoding modes for the tag to prevent cross-site scripting (XSS) vulnerabilities.\n- [PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection by instructing the agent to fetch live documentation from the web. \n
- Ingestion points: External documentation is retrieved via WebSearch and WebFetch in SKILL.md.\n
- Boundary markers: No specific delimiters or "ignore instructions" warnings are defined for the fetched external content.\n
- Capability inventory: The skill has access to tools including Bash, Write, Edit, and Read.\n
- Sanitization: The skill does not specify filtering or validation steps for content retrieved from external sources.\n- [EXTERNAL_DOWNLOADS]: The skill performs network operations using WebFetch to retrieve technical references. These operations target well-known technology services and official documentation repositories, which is considered standard and safe operational behavior.
Audit Metadata