b2c-cip
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes the
b2c cipcommand-line utility for database operations and reporting. While it performs command execution, it follows the standard pattern for a CLI-based skill and uses well-known Salesforce developer tools. - [DATA_EXPOSURE] (SAFE): The documentation mentions authentication credentials (
--client-id,--client-secret). However, it correctly uses placeholders (e.g.,<client-id>) in examples and does not contain hardcoded secrets or sensitive file path access. - [PROMPT_INJECTION] (SAFE): No instructions attempting to override agent behavior, bypass safety filters, or extract system prompts were found. The skill's instructions focus on technical execution and documentation.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill mentions the use of
npx @salesforce/b2c-cli. While this involves an external package, it is from a reputable source (Salesforce) and is a standard method for using their CLI tools. No unverified or suspicious remote code execution patterns were detected. - [DATA_EXFILTRATION] (SAFE): No network operations to non-whitelisted or suspicious domains were identified. The mentioned Salesforce analytics URLs are appropriate for the skill's stated purpose.
Audit Metadata