sf-permissions
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates as a legitimate security auditing tool for Salesforce.
- [COMMAND_EXECUTION]: It invokes the
sfCLI viasubprocess.runto handle authentication. This is done using safe practices (no shell usage) to retrieve session data. - [EXTERNAL_DOWNLOADS]: The skill uses
simple-salesforceandrichfrom PyPI, both of which are standard, reputable libraries for Salesforce API interaction and terminal formatting. - [DATA_EXFILTRATION]: The skill allows users to export data to local files. There are no indications of data being sent to unauthorized external endpoints.
Audit Metadata