experience-ui-bundle-salesforce-data-access
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a local shell script,
scripts/graphql-search.sh, to facilitate schema lookups. This script implements input validation using a regular expression (^[A-Za-z_][A-Za-z0-9_]*$) to prevent shell injection and focuses on local file reading usinggrepandawk. - [COMMAND_EXECUTION]: The instructions require the agent to execute standard development commands, such as
npm run graphql:codegenandnpx eslint, which are routine tasks for managing GraphQL types and code quality in the described environment. - [EXTERNAL_DOWNLOADS]: The skill relies on the
@salesforce/sdk-datapackage for data operations. This is an official library provided by the vendor for managing authentication and API requests. - [DATA_EXFILTRATION]: The skill documents interactions with various Salesforce API endpoints (e.g.,
/services/data/v{ver}/ui-api/records/,/services/apexrest/). These network operations are consistent with the skill's stated purpose of facilitating Salesforce data access through the vendor's official infrastructure.
Audit Metadata