b2c-logs
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill utilizes the b2c CLI for non-interactive log retrieval and monitoring. As this is the core intended functionality of the skill, the severity is minimal.
- EXTERNAL_DOWNLOADS (LOW): The documentation suggests using npx @salesforce/b2c-cli to run the tool without global installation. This involves downloading and executing code from the NPM registry at runtime. Although the package is within a reputable organization scope, it remains an external dependency.
- PROMPT_INJECTION (LOW): (Category 8: Indirect Prompt Injection) The skill is designed to ingest and analyze server logs, which are external, potentially untrusted sources of data.
  - Ingestion points: Log entries fetched through b2c logs get and b2c logs tail (SKILL.md).
  - Boundary markers: Absent; instructions do not provide delimiters or warnings for the agent to ignore instructions embedded within the logs.
  - Capability inventory: Shell execution of CLI commands and direct file access via WebDAV.
  - Sanitization: No explicit sanitization or filtering of log messages is documented before the agent processes them.
Audit Metadata