The Agent Skills Directory

[SAFE]: The skill incorporates an explicit 'Generation Guardrails' framework that forbids the agent from producing insecure Salesforce metadata, such as Data Mappers that skip Field-Level Security (FLS) validation or use wildcard field selections.
[COMMAND_EXECUTION]: Utilizes standard Salesforce CLI (sf) commands for querying, retrieving, and deploying metadata. These operations are appropriate for the skill's intended purpose and are restricted to legitimate administrative tasks.
[PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it ingests external metadata files and provides capabilities to modify the target environment. Although it includes validation logic, the lack of explicit data isolation presents a risk factor.
Ingestion points: SKILL.md (glob patterns for OmniDataTransform metadata files in Phase 1).
Boundary markers: Absent; instructions do not provide delimiters or warnings to isolate content from processed metadata files.
Capability inventory: Deployment commands (sf project deploy) and API requests (sf api request) are available to the agent.
Sanitization: Present; 'Generation Guardrails' and a review phase provide instructions to detect and block malicious patterns before deployment.

sf-industry-commoncore-datamapper