sf-b2c-ocapi
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch live documentation and migration guides from the official Salesforce developer portal (developer.salesforce.com) using WebSearch and WebFetch tools. This is a standard procedure for maintaining technical accuracy and does not involve untrusted or risky remote sources.
- [SAFE]: No malicious patterns such as prompt injection, obfuscation, or persistence mechanisms were detected. The skill's behavior is consistent with its stated purpose of assisting in legacy API maintenance and migration planning.
- [CREDENTIALS_UNSAFE]: The documentation discusses authentication methods like JWT and Client IDs but does not include hardcoded secrets or encourage unsafe handling of credentials. It provides appropriate advice on credential rotation and scope restriction.
- [DATA_EXFILTRATION]: There are no patterns indicating unauthorized data harvesting or transmission. The network tools are scoped to fetching public documentation and confirming version support on the user's specific instance.
Audit Metadata