Skills
skills/forcedotcom/afv-library/creating-webapp/Gen Agent Trust Hub

creating-webapp

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill guides the agent to use standard development tools including npm (for dependency management and build scripts) and sf (Salesforce CLI) for project generation and metadata deployment.
  • [EXTERNAL_DOWNLOADS]: The instructions involve the standard use of npm install to download third-party libraries such as react-router, tailwindcss, and shadcn/ui from the public npm registry.
  • [PROMPT_INJECTION]: The skill directs the agent to locate and follow instructions from external SKILL.md files within the repository (.a4drules/skills/ and feature/*/skills/). This constitutes an indirect prompt injection surface where untrusted data (project files) could influence agent behavior.
  • Ingestion points: Markdown files in .a4drules/skills/ and feature/*/skills/.
  • Boundary markers: None mentioned.
  • Capability inventory: File system writes (src/appLayout.tsx, index.html), shell command execution (npm, sf), and Salesforce metadata deployment.
  • Sanitization: None mentioned.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 26, 2026, 08:15 PM