bc-stencil

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE [EXTERNAL_DOWNLOADS] [PROMPT_INJECTION]
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches Stencil theme documentation and object references from BigCommerce's official developer portal to assist the agent in theme development tasks.
  • [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection because it instructs the agent to ingest external content from documentation URLs while possessing file-writing and command-execution capabilities. However, since the source is the official developer portal of a well-known service, the risk is negligible.
    • Ingestion points: BigCommerce developer documentation URLs specified in SKILL.md.
    • Boundary markers: Absent; the skill does not specify delimiters for the fetched content.
    • Capability inventory: The skill allows the use of Bash, Write, and Edit tools, which could theoretically be manipulated by instructions embedded in external documentation.
    • Sanitization: Absent; there is no validation or filtering of the fetched documentation content before it enters the agent's context.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 31, 2026, 06:10 AM