sf-soql
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documents and generates Salesforce CLI commands (e.g.,
sf data query,sf data export bulk,sf api request) to facilitate interaction with authenticated Salesforce environments. These commands are standard developer tools and essential to the skill's stated purpose. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection (Category 8) as it transforms natural language into executable SOQL queries.
- Ingestion points: Natural language requests in the
SKILL.mdworkflow and SOQL files processed by thepost-tool-validate.pyhook. - Boundary markers: Absent in the core workflow prompts; the skill relies on the agent's context and user verification.
- Capability inventory: Generates CLI commands and provides static analysis via Python hooks; no direct execution of untrusted code or arbitrary shell access is granted beyond documented Salesforce CLI usage.
- Sanitization: The
post-tool-validate.pyscript performs static analysis to detect and warn against anti-patterns likeSELECT *or missingWHEREclauses, acting as a advisory validation layer. - [SAFE]: Implements developer-friendly lifecycle hooks (
.claude/hooks.yaml) that execute bundled Python scripts for static analysis. These scripts (e.g.,post-tool-validate.py) use standard libraries to provide advisory feedback to the user and do not perform network operations or unauthorized file access.
Audit Metadata