salesforce-dx
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions to override behavior or bypass safety filters were found. The prompt defines a legitimate expert persona for technical guidance.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or sensitive file path access detected. Network access is not requested.
- Obfuscation (SAFE): No evidence of encoded commands, zero-width characters, or hidden content.
- Unverifiable Dependencies & Remote Code Execution (SAFE): No external package installations or remote script executions are present.
- Privilege Escalation (SAFE): No commands involving sudo or administrative overrides were identified.
- Persistence Mechanisms (SAFE): No attempts to modify startup scripts or establish scheduled tasks.
- Metadata Poisoning (SAFE): Metadata fields are consistent with the skill's purpose and do not contain malicious instructions.
- Indirect Prompt Injection (LOW): The skill creates an attack surface by recommending the processing of Salesforce metadata and code, but contains no active vulnerabilities.
- Time-Delayed / Conditional Attacks (SAFE): No logic gating behavior based on time or environment.
- Dynamic Execution (SAFE): No use of eval, exec, or runtime code generation.
Audit Metadata