sf-permissions

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/auth.py uses subprocess.run to execute Salesforce CLI (sf) commands like org display and org list. This is the intended mechanism for retrieving authentication details without requiring users to input passwords. The commands are constructed using argument lists rather than shell strings, which is a secure practice that prevents command injection.
  • [SAFE]: The skill operates as a read-only auditing tool. It includes a surface for indirect prompt injection because it ingests and processes metadata from a Salesforce org (e.g., labels and descriptions of Permission Sets). However, this is inherent to the tool's function and is considered safe as the skill does not have capabilities to perform dangerous actions based on that data. The assessment of this surface area is as follows:
    • Ingestion points: Metadata is retrieved via SOQL queries in scripts/hierarchy_viewer.py, scripts/permission_detector.py, and scripts/user_analyzer.py.
    • Boundary markers: The tool reports findings in structured terminal tables and files; no specific boundary markers for the agent are implemented in the raw scripts.
    • Capability inventory: Subprocess execution is restricted to the local sf CLI; file operations are restricted to writing audit reports (CSV/JSON) in scripts/permission_exporter.py.
    • Sanitization: The skill performs standard rendering of Salesforce string data.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 9, 2026, 05:49 AM