b2c-custom-caches
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOW
Full Analysis
- PROMPT_INJECTION (SAFE): No instructions attempting to override agent behavior or bypass safety filters were detected. The content remains strictly educational.
- DATA_EXFILTRATION (SAFE): The skill demonstrates the use of
dw.svc.LocalServiceRegistryanddw.io.File, which are standard Salesforce B2C Commerce APIs. No hardcoded credentials or unauthorized data transmission patterns were found. It correctly advises against caching personal user data as a best practice. - EXTERNAL_DOWNLOADS (SAFE): No external scripts, packages, or binaries are downloaded or referenced. All code examples use internal platform APIs (
dw.*). - INDIRECT_PROMPT_INJECTION (SAFE): While the skill describes processing external data (API responses and configuration files), it is a documentation-only skill with no executable components that could be exploited by such data in this context. The examples follow standard development patterns.
- COMMAND_EXECUTION (SAFE): There are no instances of shell command execution, subprocess spawning, or unsafe evaluation of strings as code.
Audit Metadata