sf-apex

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Potential for indirect prompt injection as the skill processes external Apex code files.
      • Ingestion points: Untrusted codebase context and .cls files read via Glob and Read tools (specified in SKILL.md).
      • Boundary markers: Absent; no instructions provided to the agent to differentiate between code and embedded instructions.
      • Capability inventory: Capability to execute sf commands via Bash and modify files via Write/Edit tools (specified in SKILL.md).
      • Sanitization: Absent; the skill does not validate or sanitize inputs read from the filesystem.
  • [COMMAND_EXECUTION]: Uses the Bash tool to run sf CLI commands for org deployment. While this is the core function, it is an exploitable capability if the agent's logic is subverted.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 19, 2026, 07:21 PM