Skills
skills/thinkfleetai/thinkfleet-engine/bigcommerce/Gen Agent Trust Hub

bigcommerce

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches product, order, and customer data from the official BigCommerce API (api.bigcommerce.com). This is a well-known service and the communication is essential for the skill's functionality.
  • [COMMAND_EXECUTION]: Uses curl and jq locally to perform API requests and parse the resulting JSON data. These commands are static and do not execute untrusted input.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from the BigCommerce API into the agent context via curl and jq. While no explicit boundary markers are present to delimit the API output, the skill lacks dangerous capabilities like eval or file-write, and the use of jq provides basic sanitization by ensuring only structured data is extracted.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 05:13 AM