platform-custom-object-generate
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides comprehensive guidelines for generating valid Salesforce Custom Object metadata XML, including platform constraints, naming conventions, and decision logic. No evidence of obfuscation, malicious code, network exfiltration, or unauthorized persistence mechanisms was detected.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it transforms user-provided labels and descriptions into structured XML metadata.
- Ingestion points: User-provided singular/plural labels and object descriptions (SKILL.md).
- Boundary markers: Absent. The skill does not instruct the agent to use specific delimiters or ignore embedded instructions within user inputs.
- Capability inventory: None. The skill's primary purpose is generating text output; it does not include tools for command execution, network access, or sensitive file system operations.
- Sanitization: Absent. The skill does not provide instructions to sanitize or escape user-supplied strings before they are interpolated into the XML tags.
Audit Metadata