building-omnistudio-flexcard
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses official Salesforce CLI (
sf) commands for querying and deploying metadata (e.g.,sf project deploy,sf data query). These are standard development operations that run within the user's authenticated environment and do not pose a security risk in this context. - [DATA_EXFILTRATION]: Analysis shows no unauthorized network operations. All data interactions are restricted to the Salesforce platform via the official CLI, and no sensitive credentials or exfiltration patterns were found.
- [PROMPT_INJECTION]: The skill features a structured 130-point scoring rubric and explicit generation guardrails to ensure that created FlexCard definitions are valid and safe. While it processes user requirements, the focused nature of the tool and the inclusion of validation phases mitigate risks of indirect prompt injection.
Audit Metadata