configuring-webapp-csp-trusted-sites
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides a structured workflow for managing Salesforce `CspTrustedSite` metadata. It uses standard local commands such as `ls` to check for existing files and `npm` to run build and lint tasks in the local project environment.
- [SAFE]: The skill identifies external domains by scanning project source code. While this processes data that could be influenced by external contributions (URLs in code), the activity is limited to generating static configuration metadata and follows best practices such as enforcing HTTPS and origin extraction.
- Ingestion points: Scans project source code (HTML, JS, CSS) for URL patterns (SKILL.md).
- Boundary markers: Absent; no specific delimiters are used for the extracted URLs during the scanning phase.
- Capability inventory: File-write operations for metadata XML and local shell command execution for linting and building (SKILL.md).
- Sanitization: The skill instructions specify extracting only the origin and ensuring the use of the HTTPS scheme (SKILL.md, implementation/metadata-format.md).
Audit Metadata