Skills
skills/forcedotcom/afv-library/experience-lwc-generate/Gen Agent Trust Hub

experience-lwc-generate

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses PostToolUse hooks to perform automated code validation.
  • The script slds_linter_wrapper.py executes npx @salesforce-ux/slds-linter to check generated templates and styles for compliance.
  • The script lwc-lsp-validate.py coordinates with a language server to validate JavaScript logic and LWC-specific decorators.
  • These commands are diagnostic in nature and use parameters derived from the agent's own file output.
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions for setting up a standard Salesforce development environment using trusted external resources.
  • It references and automates the installation of official tools like @salesforce-ux/slds-linter, @salesforce/lwc-language-server, and the Salesforce Code Analyzer from the npm registry.
  • These downloads originate from well-known services and the official vendor ecosystem.
  • [SAFE]: The skill contains proactive security measures for the generated components.
  • All Apex controller templates include required security enforcement patterns, such as WITH SECURITY_ENFORCED and Security.stripInaccessible, to prevent unauthorized data access.
  • Detailed guides are included to educate developers on avoiding common security pitfalls like XSS and improper input handling.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 12:32 PM
Security Audit — agent-trust-hub — experience-lwc-generate