b2c-sandbox

Warn

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill recommends using npx @salesforce/b2c-cli for sandbox management. This command involves the dynamic download and execution of code from the public npm registry. As the @salesforce organization is not included in the trusted source whitelist, this is treated as an unverifiable dependency risk.
  • COMMAND_EXECUTION (LOW): The skill's primary function is to execute CLI commands (b2c or npx). This capability allows the agent to interact with the system shell, which could be exploited to run unintended flags or commands if the agent's instructions are bypassed.
  • PROMPT_INJECTION (LOW): The skill has a surface for indirect prompt injection.
      1. Ingestion points: Untrusted data enters the context via the output of b2c sandbox list and b2c sandbox get.
      2. Boundary markers: None are present to prevent the agent from interpreting instructions embedded in sandbox metadata.
      3. Capability inventory: The skill can perform destructive actions like b2c sandbox delete.
      4. Sanitization: There is no evidence of data sanitization before the agent processes command outputs.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 18, 2026, 07:08 PM