sf-lwc
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8). Ingestion points: Input properties in LWC templates (e.g., recordId, objectApiName in flowScreenComponent.js and basicComponent.js) receive data from the Salesforce environment. Boundary markers: Instructions do not define explicit delimiters for data interpolated into generated prompts. Capability inventory: Provided Apex templates (LwcController.cls) and LWC components (datatableComponent.js, formComponent.js) perform data operations including queries, updates, and deletions. Sanitization: The skill incorporates security best practices, such as WITH SECURITY_ENFORCED, Security.stripInaccessible, and String.escapeSingleQuotes, in its code templates to mitigate risks.
- [COMMAND_EXECUTION]: Python hook scripts (lwc-lsp-validate.py, post-tool-validate.py) and documentation (cli-commands.md) utilize shell commands via subprocess or direct CLI instructions. Evidence: Use of subprocess.run to call npx utilities for linting and code analysis. These commands target well-known Salesforce development tools (@salesforce/lwc-language-server, @salesforce-ux/slds-linter), which are standard in this development context.
- [EXTERNAL_DOWNLOADS]: The skill's installation instructions and validation hooks reference external package downloads. Evidence: References to @salesforce/* npm packages and CLI plugins. These originate from Salesforce, a well-known service provider, and are used for their intended purpose of code validation and testing.
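The three Apex controls the Sanitization finding names are easier to judge side by side. The following is an added illustration, not code from the sf-lwc skill or its LwcController.cls template: a hypothetical controller (class, method and field names are assumptions) with a dynamic SOQL query open to SOQL injection, the same query hardened with String.escapeSingleQuotes and WITH SECURITY_ENFORCED, the bind-variable form that needs no escaping at all, and a DML update filtered through Security.stripInaccessible.

```apex
// Added example, not part of the sf-lwc skill. Class, method and field names are hypothetical.
public with sharing class ExampleLwcController {

    // VULNERABLE: the caller-supplied term is concatenated straight into the query text.
    // A term such as  x' OR Name LIKE '%  closes the string literal and rewrites the WHERE
    // clause (SOQL injection). No FLS/object check is made either, so fields the running
    // user cannot read are still returned to the LWC.
    @AuraEnabled(cacheable=true)
    public static List<Account> searchUnsafe(String term) {
        String soql = 'SELECT Id, Name, AnnualRevenue FROM Account WHERE Name LIKE \'%' + term + '%\'';
        return Database.query(soql);
    }

    // HARDENED: escapeSingleQuotes() backslash-escapes any quote that would end the literal,
    // and WITH SECURITY_ENFORCED makes the query throw System.QueryException instead of
    // silently returning objects or fields the running user is not allowed to read.
    @AuraEnabled(cacheable=true)
    public static List<Account> searchSafe(String term) {
        String safeTerm = String.escapeSingleQuotes(term);
        String soql = 'SELECT Id, Name, AnnualRevenue FROM Account '
                    + 'WHERE Name LIKE \'%' + safeTerm + '%\' '
                    + 'WITH SECURITY_ENFORCED';
        return Database.query(soql);
    }

    // PREFERRED when the query shape is fixed: a bind variable is never spliced into the
    // query text, so the quote problem does not arise. (% and _ remain LIKE wildcards in
    // the user's term; that affects matching, not query structure.)
    @AuraEnabled(cacheable=true)
    public static List<Account> searchWithBind(String term) {
        String pattern = '%' + term + '%';
        return [SELECT Id, Name, AnnualRevenue FROM Account
                WHERE Name LIKE :pattern
                WITH SECURITY_ENFORCED];
    }

    // HARDENED UPDATE: stripInaccessible() drops every field the running user cannot edit
    // before DML runs, so a client that adds an extra field to the payload cannot write it.
    // The removed fields are returned so the caller (or a unit test) can see what was cut.
    @AuraEnabled
    public static List<String> updateAccounts(List<Account> records) {
        SObjectAccessDecision decision =
            Security.stripInaccessible(AccessType.UPDATABLE, records);
        update decision.getRecords();

        List<String> removed = new List<String>();
        Map<String, Set<String>> removedByObject = decision.getRemovedFields();
        for (String objectName : removedByObject.keySet()) {
            for (String fieldName : removedByObject.get(objectName)) {
                removed.add(objectName + '.' + fieldName);
            }
        }
        return removed;
    }
}
```

Two caveats a reviewer of the skill's templates would check for: escapeSingleQuotes only protects a value that lands inside a quoted string literal (it does nothing for a term interpolated into an ORDER BY, LIMIT or field list, where an allow-list is the right control), and WITH SECURITY_ENFORCED raises an exception on the first violation rather than trimming fields, so the LWC side needs to handle that error path.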
Audit Metadata