generating-apex-test
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute standard Salesforce CLI commands (
sf apex run test) to run test suites and verify code coverage as part of a developer workflow. - [DATA_EXPOSURE]: The workflow involves reading production and test source code to gather context for generating appropriate test classes and data factories.
- [INDIRECT_PROMPT_INJECTION]: The skill processes existing Apex code to generate test cases. While this is a vulnerability surface where source code comments could theoretically contain instructions to influence the agent, the skill is a standard development tool and no active injection patterns were detected.
- Ingestion points: Target production classes and existing test files are read during the context-gathering phase (SKILL.md, Step 1).
- Boundary markers: The instructions do not specify explicit boundary markers or delimiters for the ingested code.
- Capability inventory: The skill has the capability to write Apex files (
.clsand-meta.xml) and execute shell commands via the Salesforce CLI. - Sanitization: There are no explicit sanitization steps mentioned for the ingested source code content.
Audit Metadata