b2c-scapi-admin
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill facilitates integration with official Salesforce Commerce Cloud services using legitimate domains (commercecloud.salesforce.com and demandware.com) as defined in the vendor context.
- [CREDENTIALS_SAFE]: No hardcoded credentials or secrets were found. The skill uses descriptive placeholders like 'your-client-id' and 'your-client-secret', and correctly demonstrates retrieving secrets from environment variables (process.env.CLIENT_ID) or secure local configuration (dw.json).
- [COMMAND_EXECUTION]: The skill uses standard Salesforce B2C CLI commands (b2c auth token) for authentication purposes, which is expected behavior for developer tooling in this ecosystem.
- [DATA_EXPOSURE]: Data handling patterns, such as the use of correlation IDs for tracking and verbose logging headers, follow industry standards for observability and debugging without exposing sensitive internal data.
- [REMOTE_CODE_EXECUTION]: No patterns of downloading and executing arbitrary remote code were detected. All network operations are structured API calls to known vendor endpoints.
Audit Metadata