sf-industry-cme-epc-model

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security threats identified in the analysis of the 67 files. The skill correctly utilizes deterministic naming conventions and stable global keys for cross-environment portability.
  • [DATA_EXFILTRATION]: No evidence of unauthorized data transmission. Resource URLs found in metadata point to legitimate Salesforce instance resources (e.g., standard product images) and are consistent with the skill's purpose.
  • [COMMAND_EXECUTION]: The skill documents the use of standard sf (Salesforce CLI) commands for data querying and project deployment. These commands are intended for the user's local development environment and do not pose a risk of arbitrary execution.
  • [INDIRECT_PROMPT_INJECTION]: While the skill ingests untrusted catalog data (JSON DataPacks) for review and modeling, this is its primary function.
      • Ingestion points: Processes DataPack JSON files in the assets/ directory and user-provided catalog metadata.
      • Boundary markers: Absent in templates; however, the skill logic focuses on structured JSON schema validation and scoring.
      • Capability inventory: Utilizes Salesforce CLI for data query and project deploy operations.
      • Sanitization: Instructions enforce deterministic ProductCode conventions and Picklist value alignment to reduce configuration errors.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 28, 2026, 07:58 PM