The Agent Skills Directory

[PROMPT_INJECTION]: No evidence of instructions attempting to bypass safety filters, override system behavior, or extract sensitive internal prompts was found.
[CREDENTIALS_UNSAFE]: No hardcoded API keys, tokens, or secrets were detected. The skill correctly instructs the use of standard Salesforce API endpoints.
[EXTERNAL_DOWNLOADS]: The skill mentions a 'DownloadUrl' field which is part of the standard Salesforce App Analytics API for retrieving generated reports. These URLs are presigned and generated by the Salesforce infrastructure as part of the intended product functionality.
[DATA_EXFILTRATION]: No suspicious network operations or attempts to send sensitive data to external or untrusted domains were identified.
[REMOTE_CODE_EXECUTION]: The skill does not contain instructions to download and execute remote scripts or install unverified packages.
[COMMAND_EXECUTION]: No dangerous system command executions (e.g., sudo, chmod) or persistence mechanisms were found.
[DATA_EXPOSURE]: The skill uses user-supplied data such as Package IDs and Org IDs to construct REST API requests. While this represents a surface for indirect prompt injection, it is within the expected scope of a Salesforce development tool and relies on platform-side validation.

dx-app-analytics-query