salesforce-developer
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The deployment documentation contains CI/CD pipeline examples (GitHub Actions and GitLab CI) that download the Salesforce CLI ('sf') directly from developer.salesforce.com. These are downloads from the vendor's official distribution domain and do not represent a security risk; pinning the CLI version in the pipeline is the usual additional hardening for a step of this kind.
- [COMMAND_EXECUTION]: The skill provides numerous examples of Salesforce CLI commands for authentication, scratch org management, and source deployment. These are the standard tools used by Salesforce developers and are used here within their intended context.
- [DATA_EXFILTRATION]: While the skill describes patterns for outbound integrations and REST callouts, it adheres to Salesforce best practice by recommending Named Credentials to manage endpoint URLs and authentication, so no secrets are hardcoded in the callout code.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it is designed to process external data (CRM records and API responses). The provided code patterns, however, include SOQL injection defences for dynamic queries (String.escapeSingleQuotes for quoted literals) and WITH SECURITY_ENFORCED to enforce object- and field-level permissions, which mitigates the risk of technical injection and over-broad data access within the generated code. These controls address injection into queries, not instructions embedded in record contents that reach the model.
- [REMOTE_CODE_EXECUTION]: The DevOps guidelines include automation scripts for CI/CD environments that download and install the official Salesforce command-line interface, which is standard practice for automated deployments.
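To make the PROMPT_INJECTION finding concrete, the following Apex class is an added example written for this report; it is not code from the audited skill. It shows the injectable dynamic SOQL pattern beside two hardened forms: a static query with a bind variable plus WITH SECURITY_ENFORCED, and a dynamic query where String.escapeSingleQuotes protects the quoted literal and an allow-list (the hypothetical SEARCHABLE_FIELDS set) protects the field name, which escaping cannot cover. The class name and fields are assumptions chosen for illustration.

```apex
// Added example for this audit report, not part of the audited skill.
public with sharing class ContactLookup {

    // VULNERABLE: the raw search term is concatenated into the query text.
    // A term such as  x' OR Name LIKE '%  changes the structure of the query,
    // and nothing here checks the running user's object or field permissions.
    public static List<Contact> findUnsafe(String term) {
        String soql = 'SELECT Id, Name, Email FROM Contact WHERE LastName = \''
            + term + '\'';
        return Database.query(soql);
    }

    // HARDENED: the bind variable keeps the term as data, never as query text.
    // WITH SECURITY_ENFORCED makes the query throw System.QueryException if the
    // running user lacks read access to any referenced object or field.
    public static List<Contact> findSafe(String term) {
        return [SELECT Id, Name, Email FROM Contact
                WHERE LastName = :term
                WITH SECURITY_ENFORCED];
    }

    // Hypothetical allow-list of fields a caller may filter on. Field names are
    // query syntax, so escapeSingleQuotes does not protect them; only a fixed
    // allow-list does.
    private static final Set<String> SEARCHABLE_FIELDS =
        new Set<String>{ 'LastName', 'Email' };

    // HARDENED, DYNAMIC: when the query text itself must vary (caller-chosen
    // field), validate the field against the allow-list and escape the quoted
    // literal. The term still travels inside single quotes, which is the only
    // position escapeSingleQuotes is designed to protect.
    public static List<Contact> findDynamic(String field, String term) {
        if (!SEARCHABLE_FIELDS.contains(field)) {
            throw new IllegalArgumentException('Field not searchable: ' + field);
        }
        String safeTerm = String.escapeSingleQuotes(term);
        String soql = 'SELECT Id, Name, Email FROM Contact WHERE ' + field
            + ' = \'' + safeTerm + '\' WITH SECURITY_ENFORCED';
        return Database.query(soql);
    }
}
```

The split between findSafe and findDynamic is the practical rule: prefer bind variables whenever the query shape is fixed, and reserve escaping plus allow-listing for the parts of a query that genuinely must be assembled at run time.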
Audit Metadata