accessing-webapp-data
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill promotes the use of official vendor-owned packages (@salesforce/sdk-data) for all Salesforce data interactions, ensuring proper authentication and CSRF handling.
- [SAFE]: It identifies direct use of
fetchoraxiosas an anti-pattern for Salesforce endpoints because it bypasses security controls, which aligns with secure development best practices. - [SAFE]: The code examples provided are standard implementation patterns for GraphQL and REST API interactions within the Salesforce ecosystem.
- [SAFE]: No evidence of prompt injection, obfuscation, or unauthorized data exfiltration was found in the instructions or code samples.
Audit Metadata