sf-b2c-cartridges

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as a development guide for Salesforce Commerce Cloud (SFCC), providing technical documentation and architectural patterns without any malicious intent or risky command execution.
  • [CREDENTIALS_UNSAFE]: The skill explicitly advises against hardcoding or committing secrets, recommending the use of Business Manager preferences and service credentials, which aligns with standard security best practices.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch documentation from official sources, specifically the Salesforce Commerce Cloud GitHub repository. These references to well-known technology organizations are documented neutrally as standard development resources.
  • [DATA_EXFILTRATION]: No patterns for unauthorized data access or external transmission of sensitive information were detected.
  • [INDIRECT_PROMPT_INJECTION]: The skill fetches documentation from external sites via WebSearch and WebFetch. Ingestion points: Technical documentation and GitHub repositories (SKILL.md). Boundary markers: Absent. Capability inventory: Bash, Write, and Edit tools. Sanitization: Absent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 31, 2026, 06:10 AM
Security Audit — agent-trust-hub — sf-b2c-cartridges