The Agent Skills Directory

[SAFE]: No malicious patterns or security vulnerabilities were detected. The skill's architecture is focused on legitimate Salesforce development workflows.
[COMMAND_EXECUTION]: The skill utilizes lifecycle hooks to execute Python-based validation scripts (apex-lsp-validate.py and post-tool-validate.py). These scripts are used for syntax checking via an Apex Language Server and for calculating a 150-point quality score. This behavior is transparent and serves the stated purpose of code validation.
[PROMPT_INJECTION]: The SKILL.md file contains mandatory generation guardrails that explicitly instruct the agent to avoid generating anti-patterns such as SOQL/DML in loops or SOQL injection vulnerabilities. These instructions serve as a safety mechanism to ensure code quality.
[DATA_EXPOSURE]: The skill templates and reference guides emphasize the use of WITH USER_MODE and Security.stripInaccessible(), which are standard Salesforce security features for enforcing CRUD and Field-Level Security (FLS).
[INDIRECT_PROMPT_INJECTION]: As a code review tool, the skill naturally ingests untrusted Apex code files (.cls, .trigger) for analysis. This represents a potential attack surface for indirect prompt injection; however, given that this is the primary purpose of the skill and it includes strong internal guardrails for code generation, the risk is considered low and inherent to the use case.

sf-apex