sf-integration-procedure
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is designed with a strong emphasis on security and development best practices. It explicitly instructs the agent to avoid common security pitfalls in Salesforce development, such as hardcoding credentials or Salesforce IDs, and recommends the use of Named Credentials and Custom Metadata.
- [COMMAND_EXECUTION]: The skill utilizes the Salesforce CLI (
sf) to execute standard development tasks, including querying org metadata (sf data query) and deploying component definitions (sf project deploy start). These operations are necessary for the skill's intended purpose and operate within the user's authenticated environment. - [PROMPT_INJECTION]: The skill contains defensive instructions to ensure the agent maintains high security standards. Specifically, it mandates that the agent must not generate 'anti-patterns' (such as DML without error handling or circular calls) even if explicitly requested by a user, which serves as a safeguard against accidental or intentional misuse.
Audit Metadata