sf-apex
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No prompt injection or malicious overrides were found. The skill contains clear 'Generation Guardrails' designed to prevent the creation of insecure or inefficient code by the agent.
- [SAFE]: Data protection is a core focus. The documentation and templates emphasize the use of bind variables, 'WITH USER_MODE', and 'with sharing' keywords to prevent data exposure and SOQL injection.
- [SAFE]: External references and dependencies, such as the Trigger Actions Framework package and Salesforce CLI, are well-known, trusted industry standards for the Salesforce platform.
- [SAFE]: Automated validation scripts (lsp-validate.py and post-tool-validate.py) perform local static analysis using standard libraries and the official Apex Language Server to provide feedback during development.
- [SAFE]: No persistence mechanisms, privilege escalation attempts, or hardcoded credentials were identified in the codebase or reference materials.
Audit Metadata