sf-soql
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, prompt injections, or unauthorized data access mechanisms were identified across the 18 analyzed files.
- [COMMAND_EXECUTION]: The skill includes documentation for standard Salesforce CLI (sf) commands, which are legitimate tools for Salesforce developers to execute queries and manage data within their environments.
- [REMOTE_CODE_EXECUTION]: No remote code execution or suspicious external downloads were found. The installation instructions use a standard package manager pattern consistent with the skill's framework.
- [DATA_EXFILTRATION]: No evidence of hardcoded credentials, sensitive file access, or unauthorized network operations was found. The Python validation hook (post-tool-validate.py) performs local static analysis of SOQL files.
- [PROMPT_INJECTION]: The instructions provided in SKILL.md are focused on task delegation and output formatting for SOQL generation and do not attempt to bypass AI safety guidelines.
Audit Metadata