b2c-webservices
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The skill actively addresses data security by providing code examples for the `filterLogMessage` function. This function is designed to prevent the leakage of credentials (API keys, Authorization headers, and passwords) into system logs.
- [Indirect Prompt Injection] (LOW): The skill defines patterns for ingesting data from external APIs via `parseResponse`. This constitutes a data ingestion surface where external content is parsed using `JSON.parse()`. While this is a potential vector for indirect prompt injection if the resulting data is used to influence further agent decisions, the skill's focus on structured data handling and its educational nature make this a low risk.
- [Unverifiable Dependencies] (SAFE): No external package managers (npm, pip) or remote script executions are utilized. The skill relies exclusively on the built-in Salesforce B2C Commerce `dw.svc` and `dw.net` API classes.
- [Command Execution] (SAFE): The skill does not contain any patterns for executing shell commands or arbitrary system code. It is restricted to the specific networking protocols (HTTP, SOAP, SFTP) supported by the platform's service registry.
Audit Metadata