The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses the Salesforce CLI (sf) to perform organization queries and validate metadata deployments. It executes commands such as sf data query to fetch NamespacePrefix and DeveloperName records, and sf project deploy validate to check the integrity of generated files.
[PROMPT_INJECTION]: An indirect prompt injection surface exists because the skill ingests external data that is then interpolated into metadata templates.
Ingestion points: Data is sourced from sfdx-project.json and from the Salesforce Org via CLI queries (e.g., NamespacePrefix from Organization and DeveloperName from UIBundle).
Boundary markers: None; the resolved properties are directly substituted into XML and JSON template placeholders (e.g., {siteName}, {appNamespace}).
Capability inventory: The skill can read local files, create/modify metadata files in the project structure, and execute Salesforce CLI commands for data retrieval and deployment validation.
Sanitization: There is no explicit validation or sanitization of the values retrieved from the organization or local configuration before they are used to generate file content.

generating-ui-bundle-site