The Agent Skills Directory

[SAFE]: The skill is designed for code generation and review within the Salesforce ecosystem. It includes templates and patterns that enforce platform security standards, such as 'with sharing' declarations and data access checks using 'WITH USER_MODE' and 'Security.stripInaccessible()'.
[PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting external data. (1) Ingestion points: The skill scans local Apex files using glob patterns (**/Callable.cls) and accepts user-provided requirements. (2) Boundary markers: No explicit delimiters are specified for the ingested file content. (3) Capability inventory: The skill performs local file reads and generates Apex code output. (4) Sanitization: The instructions do not specify sanitization for the ingested data before processing. This surface is considered a low-risk architectural feature necessary for development tasks.
[COMMAND_EXECUTION]: While the skill mentions the Salesforce CLI (sf CLI) as a requirement, it does not instruct the agent to execute shell commands. Deployment and management tasks are delegated to other specialized skills, maintaining a separation of concerns.
[SAFE]: The skill uses local file system access solely for project context and code generation. There are no patterns suggesting data exfiltration or unauthorized access to sensitive credential files.

omnistudio-callable-apex-generate