b2c-content
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation provides examples of shell commands using the
b2cCLI for exporting, listing, and validating content. This is the primary intended function of the skill and matches its description. - [EXTERNAL_DOWNLOADS]: Recommends the use of
@salesforce/b2c-clivianpx, which is an official vendor package associated with Salesforce Commerce Cloud. This is a trusted dependency for the commerce development environment. - [DATA_EXFILTRATION]: Mentions standard B2C Commerce configuration files like
dw.jsonand guides the user toward secure OAuth login procedures (b2c auth:login). It does not attempt to access sensitive files like SSH keys or environment secrets for exfiltration. - [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection by processing external JSON and XML files during validation and export. This is documented as a capability of the tool and does not contain malicious instructions directed at the agent.
Audit Metadata