Skills
skills/salesforcecommercecloud/b2c-developer-tooling/b2c-scapi-schemas/Gen Agent Trust Hub

b2c-scapi-schemas

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill references the use of 'npx @salesforce/b2c-cli', which downloads and executes the package from the npm registry if not already installed locally.
  • COMMAND_EXECUTION (LOW): The skill is centered around executing the 'b2c' command-line interface. While intended for its primary purpose, this involves interaction with the host system's shell.
  • PROMPT_INJECTION (LOW): Surface risk of Indirect Prompt Injection exists when processing external OpenAPI schemas retrieved from the API.
  • Ingestion points: OpenAPI JSON/YAML data from the Salesforce B2C instance.
  • Boundary markers: None identified in the provided documentation.
  • Capability inventory: Local shell command execution through the CLI tool.
  • Sanitization: No specific sanitization or validation of the retrieved schema content is described.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 08:57 PM