deploying-webapp-to-salesforce
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill guides the agent to perform Salesforce operations using the official Salesforce CLI (
sf). This includes org authentication, metadata deployment, permission set assignment, and executing Anonymous Apex. These actions are standard for the intended use case of Salesforce development and deployment. - [EXTERNAL_DOWNLOADS]: The instructions include running
npm installwithin web application directories to manage project dependencies. This is a routine operation in modern web development workflows. - [REMOTE_CODE_EXECUTION]: The skill directs the execution of local project-specific scripts, such as
scripts/setup-cli.mjsandscripts/prepare-import-unique-fields.js. These are vendor-provided scripts meant to automate the deployment process. - [PROMPT_INJECTION]: An indirect prompt injection surface exists as the skill instructs the agent to discover files and extract names from filenames to interpolate into commands.
- Ingestion points: Project file system, specifically scanning for
.permissionset-meta.xmlanddata-plan.jsonfiles. - Boundary markers: None specified in the instructions.
- Capability inventory: Execution of shell commands via
sf,npm, andnodescripts. - Sanitization: The skill does not explicitly instruct the agent to sanitize filenames before using them as arguments in commands (e.g., in
sf org assign permset --name <name>). However, this is a common pattern in repository-focused setup skills and is assessed as safe in this context.
Audit Metadata