sf-deploy
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the installation of the official @salesforce/plugin-code-analyzer plugin and the sf-skills toolkit from well-known sources.
- [COMMAND_EXECUTION]: Extensive use of standard Salesforce CLI commands is provided for deployment and environment management. These operations are core to the skill's purpose and include security-conscious recommendations like using dry-run validations.
- [PROMPT_INJECTION]: The skill contains capabilities for analyzing Salesforce project files for troubleshooting purposes. 1. Ingestion points: local metadata and code files (/force-app//*). 2. Boundary markers: no explicit markers are specified for external content. 3. Capability inventory: performs project deployments and Apex test runs via CLI. 4. Sanitization: no explicit sanitization or filtering of file content is mentioned before analysis.
Audit Metadata