sf-b2c-ocapi
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Analysis of the skill instructions and metadata reveals no security threats. The content is educational and focuses on API maintenance and migration best practices.
- [EXTERNAL_DOWNLOADS]: The skill instructions suggest fetching live documentation from Salesforce's official developer portal using WebFetch. This targets a well-known service for technical reference and does not involve the execution of untrusted remote code.
- [DATA_EXFILTRATION]: No evidence of credential theft or unauthorized data transmission. The skill includes specific security recommendations for managing API credentials and protecting Data API secrets.
- [PROMPT_INJECTION]: Potential indirect prompt injection surface exists through documentation retrieval.
  1. Ingestion points: WebSearch and WebFetch for developer.salesforce.com (SKILL.md).
  2. Boundary markers: Absent.
  3. Capability inventory: Bash, Write, Edit, Read (SKILL.md).
  4. Sanitization: Absent.
Audit Metadata