handling-sf-data
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a well-engineered utility for Salesforce data operations. It relies on the official Salesforce CLI (
sf) and emphasizes security-conscious workflows. - PII Protection: The included validation logic in
scripts/validate_data_operation.pyscans CSV and JSON payloads for PII patterns, such as SSNs and credit card numbers, before they are uploaded. - SOQL Analysis: The
soql_validator.pyscript provides pre-execution checks for SOQL queries, alerting users to security and performance anti-patterns like hardcoded IDs and unindexed filters. - Transactional Safety: Documentation and assets promote the use of savepoints and rollback patterns to ensure data isolation during testing.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses a potential attack surface through the ingestion of external data files (CSV, JSON) and SOQL results. This is an inherent trait of data management tools and is considered low risk due to the skill's focus on structured data and the inclusion of validation scripts.
- [DYNAMIC_EXECUTION]: The skill generates and executes anonymous Apex code via the Salesforce CLI from local templates. This behavior is standard for Salesforce development automation and is limited to the skill's stated purpose.
Audit Metadata