b2c-custom-api-development

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
  • Unverifiable Dependencies (MEDIUM): The skill references @salesforce/b2c-cli for essential tasks such as deployment and status monitoring. As the salesforce organization is not on the Trusted Organizations list, this dependency is flagged as an unverifiable external package reference. Evidence found in SKILL.md and references/TESTING.md.
  • Command Execution (LOW): The skill relies on b2c CLI commands to perform administrative actions including code deployment (b2c code deploy), SLAS client creation (b2c slas client create), and log retrieval. While these are legitimate developer actions, they represent a significant capability surface for an agent. Evidence found in SKILL.md and references/IMPLEMENTATION.md.
  • Data Exposure & Exfiltration (LOW): The skill demonstrates the use of curl to send authentication credentials and data to Salesforce Commerce Cloud and Account Manager domains. These domains are not in the predefined whitelist, though the behavior is consistent with the skill's stated purpose. Evidence found in references/TESTING.md.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 11:43 AM