experience-ui-bundle-custom-app-generate

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: Uses the Salesforce CLI (sf) to execute queries and validation commands, such as sf data query and sf project deploy validate. These commands are standard for the intended developer workflow and target the user-specified Salesforce organization.
  • [DATA_EXFILTRATION]: Reads project configuration from sfdx-project.json and local directory structures (e.g., uiBundles/) to resolve application properties. This data ingestion is required for metadata generation and is not sent to external or unauthorized endpoints.
  • [INDIRECT_PROMPT_INJECTION]: The skill interpolates project-specific data into metadata templates and shell command arguments.
      • Ingestion points: sfdx-project.json and uiBundles/ directory names.
      • Boundary markers: None; project values are substituted directly into template placeholders (e.g., {appName}).
      • Capability inventory: Execution of sf CLI commands via shell as described in SKILL.md.
      • Sanitization: Not explicitly defined; the skill assumes valid project metadata structures are present.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 26, 2026, 12:31 PM