b2c-ecdn
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill documentation recommends the use of `npx @salesforce/b2c-cli`. As the `@salesforce` organization is not listed in the explicitly trusted entities for this audit, the package is treated as an unverifiable third-party dependency. While likely legitimate for Salesforce environments, executing unverified packages at runtime via `npx` is a security risk.
- [COMMAND_EXECUTION] (MEDIUM): The skill provides command examples that access highly sensitive local files, specifically using the `--private-key-file` and `--certificate-file` flags (e.g., `./key.pem`). While this is required for the skill's primary purpose of managing SSL certificates, it involves a high-privilege operation that interacts with private cryptographic material.
- [COMMAND_EXECUTION] (LOW): The skill provides extensive capabilities to modify network security configurations, including WAF rules, firewall settings, and rate limits. While these are the intended functions of the skill, they represent significant control over organization infrastructure that should be restricted to authorized environments.
Audit Metadata