integration-connectivity-generate
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes shell scripts (configure-named-credential.sh, set-api-credential.sh) that use the Salesforce CLI (sf) to automate tasks such as querying metadata, deploying integration components, and managing org settings.
- [REMOTE_CODE_EXECUTION]: The configure-named-credential.sh script generates temporary Apex code to store API keys and executes it against a target Salesforce org using the sf apex run command, which is a standard automation practice for the platform.
- [CREDENTIALS_UNSAFE]: The set-api-credential.sh script provides an option to pass API keys as command-line arguments. While this can expose secrets in system logs, the script also includes a secure interactive input mode and is documented as a less secure method intended for specific environments.
- [SAFE]: The skill implements a security validation hook (hooks/scripts/validate_integration.py) that audits generated code for security anti-patterns, such as hardcoded secrets and missing error handling in callouts.
- [SAFE]: Resources and commands are associated with the official platform vendor and well-known services (Salesforce CLI), which are considered trusted sources for the intended development workflow.
Audit Metadata