b2c-sites
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- [External Downloads] (SAFE): The skill references the
@salesforce/b2c-clipackage. While it suggests usingnpxto download and run the CLI, this is the standard distribution method for an official developer tool from a reputable vendor (Salesforce). - [Indirect Prompt Injection] (LOW): The skill involves the agent reading and processing site list data from external B2C Commerce instances, which could theoretically contain malicious instructions if an attacker controls the site names.
- Ingestion points: Output from the
b2c sites listcommand. - Boundary markers: None present in the provided command examples.
- Capability inventory: Ability to execute CLI commands and parse JSON output.
- Sanitization: None identified; the agent is expected to handle the CLI output directly.
Audit Metadata