The Agent Skills Directory

[SAFE]: The skill is authored by a recognized vendor and focuses on the integration of official Salesforce UI components.
[EXTERNAL_DOWNLOADS]: The skill manages dependencies using the @salesforce scoped registry on NPM, which is an established and trusted source for Salesforce-related development tools.
[COMMAND_EXECUTION]: Local shell commands are limited to standard file discovery using grep and package management via npm, both of which are typical for front-end development tasks.
[DATA_EXPOSURE]: The skill handles the Salesforce agentId. This identifier is a public-facing configuration value for the chat component and is subject to strict regex validation (^0Xx[a-zA-Z0-9]{15}$) before being used.
[INDIRECT_PROMPT_INJECTION]: While the skill processes project files and user input, it operates within a well-defined schema for React components and uses explicit validation for sensitive parameters like the agent ID, reducing the risk of malicious data influencing agent behavior.

implementing-ui-bundle-agentforce-conversation-client