sf-b2c-sfra
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch the Storefront Reference Architecture (SFRA) source code from the official Salesforce Commerce Cloud GitHub repository for reference. This involves acquiring code from a well-known service provider as part of the intended development workflow.
- [PROMPT_INJECTION]: The skill retrieves data from external web searches and web fetching, creating a surface for indirect prompt injection where instructions embedded in retrieved documentation could potentially influence agent behavior.
- Ingestion points:
Before Writing Codesection usesWebFetchfor GitHub content andWebSearchfor developer portal documentation. - Boundary markers: None specified to isolate or delimit retrieved external content.
- Capability inventory: The execution environment includes access to
Bash,Write, andEdittools. - Sanitization: No specific validation or filtering mechanisms are defined for the fetched external content.
Audit Metadata