dx-devops-test-suite-run
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Salesforce CLI (
sf) to perform environment checks, query records, and trigger API actions. - Evidence: Commands such as
sf org list,sf data query, andsf api request restare documented inSKILL.mdandreferences/prerequisite-checks.md. - Context: These are standard operations for the Salesforce ecosystem and are used here to manage DevOps Center resources. All API mutations are protected by an explicit user confirmation gate.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests data from external Salesforce records that could potentially contain untrusted content.
- Ingestion points: Data is read from fields like
ResultDetailsandMessagein theDevopsTestSuiteExecutionandDevopsTestExecutionobjects, as seen inreferences/polling-configuration.md. - Boundary markers: The instructions do not specify using delimiters when presenting this data to the user.
- Capability inventory: The skill has the ability to execute network requests and data queries via the CLI.
- Sanitization: While the skill instructs the agent to explain errors in plain language, there is no explicit instruction to sanitize or escape the content retrieved from the Salesforce org before display.
Audit Metadata