b2c-sites
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes commands using the
b2cCLI ornpx @salesforce/b2c-clito perform administrative operations on commerce instances, such as site listing and cartridge path modification. - [EXTERNAL_DOWNLOADS]: References the
@salesforce/b2c-clipackage, which is an official tool provided by Salesforce for platform management. - [PROMPT_INJECTION]: Detected a surface for indirect prompt injection based on the skill's interaction with external instance data.
- Ingestion points: Data retrieved from the B2C Commerce instance (site IDs, cartridge lists) enters the agent's context.
- Boundary markers: No delimiters or safety instructions are present to distinguish between trusted commands and instance data.
- Capability inventory: The skill can execute shell commands via the CLI to modify platform settings.
- Sanitization: There is no documented validation or sanitization of the data retrieved from the remote commerce instance before it is used in subsequent operations.
Audit Metadata