b2c-job
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill utilizes npx @salesforce/b2c-cli, which downloads and executes a package from the npm registry at runtime. Although the package belongs to a known organization (Salesforce), it is not within the explicitly predefined trusted list, making it an unverifiable external dependency.
- COMMAND_EXECUTION (SAFE): The skill is designed to execute standard b2c CLI commands for job management. This aligns with its primary stated purpose and does not appear to involve arbitrary or malicious command construction.
- DATA_EXFILTRATION (LOW): The job export and job import commands facilitate the movement of site archives and data between the local environment and the Salesforce cloud. While this is intended behavior, it represents a data movement vector that should be monitored.
- PROMPT_INJECTION (LOW): The skill has a surface for Indirect Prompt Injection (Category 8). An attacker who can influence job names or log output on the Salesforce instance could potentially inject instructions that the agent might follow when processing the results of b2c job search or b2c job run --show-log.
  - Ingestion points: b2c job search output and job log contents via --show-log.
  - Boundary markers: Absent; the agent is not instructed to ignore instructions within the logs.
  - Capability inventory: CLI execution and file system access (job import).
  - Sanitization: None; the skill does not specify how to sanitize or escape data retrieved from the instance logs.
Audit Metadata