sf-metadata
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides a robust framework for generating Salesforce XML metadata (objects, fields, validation rules) using local templates and well-documented best practices.
- [SAFE]: CLI operations utilize the official Salesforce CLI (`sf`) for org discovery and metadata querying, following standard developer workflows.
- [SAFE]: Python scripts in `hooks/scripts/` perform XML parsing and regex-based validation for scoring (e.g., checking for naming conventions, descriptions, and FLS best practices) without using dangerous functions like `eval()` or making unauthorized network calls.
- [SAFE]: The inclusion of a sensitive data scanner in `validate_metadata.py` is a defensive security feature designed to alert developers when potentially sensitive fields (like SSN or Credit Card numbers) are created without proper encryption or security considerations.
Audit Metadata