generating-lightning-app
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Analysis of the skill instructions and workflow revealed no malicious patterns, obfuscation, or unauthorized access attempts.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted user input in the form of natural language descriptions to plan and build Salesforce applications.
- Ingestion points: User requests are parsed in STEP 1 (Requirements Analysis) of SKILL.md.
- Boundary markers: The skill does not explicitly define delimiters for user-provided strings.
- Capability inventory: The skill generates XML metadata files and uses the salesforce-api-context tool; no arbitrary code execution or network exfiltration capabilities were identified.
- Sanitization: The skill includes validation for reserved words and naming conventions.
Audit Metadata