b2c-job
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for executing shell commands using the `b2c` CLI (or `@salesforce/b2c-cli` via npx) to run jobs, import site archives, and export data. This represents the primary functionality provided by the vendor.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It includes instructions to ingest and process potentially untrusted data from external sources, specifically site archives during import and job logs retrieved via the `--show-log` flag.
  - Ingestion points: Site archive directories/zip files (`b2c job import`) and remote job logs (`b2c job run --show-log`).
  - Boundary markers: None specified in the instructions to delimit external data from agent commands.
  - Capability inventory: The agent has the ability to execute shell commands and manage remote server jobs.
  - Sanitization: No sanitization or validation logic is defined for the content of logs or archives before they are presented to the agent for analysis.