sf-apex
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local Python scripts (`apex-lsp-validate.py`) to execute the Salesforce Apex Language Server for syntax validation. This operation is limited to linting local files and providing diagnostic feedback to the user, which is a standard part of a coding assistant's development workflow.
- [INDIRECT_PROMPT_INJECTION]: As the skill is designed to review and refactor user-provided Apex code, it processes untrusted data. However, the skill contains a structured 150-point scoring rubric and specific guardrails (e.g., in `references/security-guide.md`) that guide the agent to perform technical analysis based on established security standards rather than following embedded instructions.
- [DATA_EXFILTRATION]: No exfiltration vectors were identified. The skill instructions and templates actively promote secure data handling, such as using bind variables and Salesforce Named Credentials to avoid hardcoding sensitive information.
Audit Metadata