Skills
skills/jaganpro/claude-code-sfskills/sf-connected-apps/Gen Agent Trust Hub

sf-connected-apps

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute Salesforce CLI (sf) commands for metadata retrieval and deployment, which is the core intended purpose of the tool.
  • [PROMPT_INJECTION]: An indirect prompt injection surface is present as the skill ingests and analyzes data from local metadata files to generate security reports.
  • Ingestion points: The skill uses Glob and Grep to identify and read .connectedApp-meta.xml and .eca-meta.xml files for review (documented in SKILL.md and references/example-usage.md).
  • Boundary markers: There are no explicit instructions or delimiters used when processing file content to distinguish between the data being analyzed and the instructions for the agent.
  • Capability inventory: The skill has access to powerful tools including Bash (for command execution), Write/Edit (for file modification), and WebFetch (for network access).
  • Sanitization: No sanitization or validation of the ingested XML content is performed before the agent evaluates it for security scoring.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 02:20 PM