data360-schema-get

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the Salesforce CLI (sf) to retrieve authentication and instance information for the specified organization. Technical evidence:
      • In scripts/get_dlo_schema.py and scripts/get_dmo_schema.py, the authenticate_to_org function uses subprocess.run(['sf', 'org', 'display', '--target-org', org_alias, '--json'], ...).
      • This execution is performed securely using an argument list rather than a shell string, preventing shell injection vulnerabilities.
  • [SAFE]: The skill communicates exclusively with official Salesforce REST API endpoints (/services/data/v64.0/ssot/*) to retrieve schema data. It manages sensitive information, such as OAuth access tokens, by fetching them dynamically from the local Salesforce CLI session and including them in HTTPS request headers. No credentials are hardcoded or exfiltrated to third-party services.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 26, 2026, 06:20 PM