sap-business-one-servicer-layer-sql
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The documentation includes a specific example URL (https://sl.bunzlbi.mx:50000/b1s/v1/Login). While this appears to be a real endpoint used for demonstration purposes, it does not expose sensitive internal paths or credentials.
- [CREDENTIALS_UNSAFE]: The skill includes a 'profile object' and several curl examples for authentication. However, all sensitive fields (CompanyDB, UserName, Password) use redacted placeholders (****), adhering to security best practices for documentation.
- [PROMPT_INJECTION]: The skill requires the user to provide a BASE_URL at runtime. While this is a common ingestion point for external data, the instructions focus on structured OData interactions and standard SAP B1 protocols, presenting a minimal surface for indirect prompt injection.
- [COMMAND_EXECUTION]: The reference file contains multiple 'curl' command examples intended for developer use. These are provided as static documentation templates and are not executed dynamically by the skill itself.
Audit Metadata