sf-flexcard
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No security threats identified. The skill correctly utilizes Salesforce metadata structures and provides architectural guidance for UI design within the Industries Cloud environment.
- [COMMAND_EXECUTION]: The skill instructs the agent on using the Salesforce CLI (
sf) to query and deployOmniUiCardmetadata. These commands are essential for the skill's functionality and are used according to platform best practices. - [PROMPT_INJECTION]: The skill was analyzed for indirect prompt injection risks (Category 8): 1. Ingestion points: Integration Procedure data sources defined in the
DataSourceConfig. 2. Boundary markers: Not explicitly defined in the provided JSON templates. 3. Capability inventory: Metadata deployment and querying via thesfCLI. 4. Sanitization: Relies on Salesforce's internal rendering and SLDS (Salesforce Lightning Design System) patterns. The risk is assessed as safe as the skill follows standard platform practices for data visualization.
Audit Metadata