b2c-localization
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- Category 1: Prompt Injection (SAFE): No instructions found that attempt to bypass safety filters or override system prompts. The content is purely instructional.
- Category 2: Data Exposure & Exfiltration (SAFE): No sensitive file paths, hardcoded credentials, or unauthorized network operations were detected. Standard Salesforce Commerce Cloud (Demandware) APIs are used correctly.
- Category 3: Obfuscation (SAFE): No obfuscated content, Base64 encoding of commands, or hidden characters were found.
- Category 4: Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not perform any remote downloads, package installations (npm/pip), or remote script execution.
- Category 5: Privilege Escalation (SAFE): No commands related to privilege escalation (sudo, chmod, etc.) are present.
- Category 6: Persistence Mechanisms (SAFE): No attempts to modify startup scripts, cron jobs, or registry keys were found.
- Category 8: Indirect Prompt Injection (LOW): This skill defines surfaces for ingesting locale-specific strings and resource bundles. While these bundles (properties files) are external inputs, the documentation follows standard patterns and focuses on system-level localization rather than processing untrusted user input that could influence the LLM's logic flow.
- Category 10: Dynamic Execution (SAFE): The code snippets use standard template rendering and server-side logic typical for the Salesforce B2C platform. No unsafe deserialization or dynamic code generation from untrusted sources was detected.
Audit Metadata