sf-deploy
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill exclusively uses official Salesforce CLI (sf v2) commands for all deployment, retrieval, and management operations.
- [SAFE]: No hardcoded credentials, unauthorized secrets, or suspicious data exfiltration patterns were identified in the codebase or documentation.
- [SAFE]: Recommended deployment workflows include mandatory validation steps (using the --dry-run flag) to ensure integrity before making changes to target environments.
- [SAFE]: All external plugins and tools mentioned, such as @salesforce/plugin-code-analyzer, are from trusted official Salesforce repositories.
- [SAFE]: Shell scripts (e.g., references/deploy.sh) and manifest templates follow documented Salesforce best practices and do not contain any hidden remote execution payloads.
Audit Metadata