sf-metadata
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes Salesforce CLI (sf) commands like 'sf sobject describe' and 'sf org list metadata' to query Salesforce orgs. It also runs local Python and Shell scripts (validate_metadata.py, generate_permission_set.py, run_validation.sh) for its core functionality.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes external metadata. 1. Ingestion points: Org metadata is ingested via 'sf' CLI commands as specified in SKILL.md. 2. Boundary markers: No explicit delimiters are used to separate CLI output from instructions. 3. Capability inventory: The skill can execute CLI commands and write metadata files to the local project structure. 4. Sanitization: There is no evidence of sanitization for the metadata content processed by the agent.
Audit Metadata