platform-metadata-deploy
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements standard automation for Salesforce deployment tasks using official platform tooling (sf CLI v2). All provided patterns, such as the deployment orchestration in SKILL.md and the shell script in references/deploy.sh, align with established DevOps best practices.
- [COMMAND_EXECUTION]: The skill utilizes shell commands to interact with the Salesforce CLI. These operations are transparently documented, use appropriate safety flags (like --dry-run), and are restricted to the primary purpose of metadata deployment and org management.
- [EXTERNAL_DOWNLOADS]: No external package installations or remote script executions from untrusted sources were found. The skill relies on locally provided templates and the pre-installed Salesforce CLI. Examples involving well-known services (e.g., Salesforce API domains) are documented neutrally for connectivity testing.
- [CREDENTIALS_UNSAFE]: Security-sensitive operations, such as OAuth token retrieval examples in references/agent-deployment-guide.md, use generic placeholders (e.g., DOMAIN, KEY, SECRET) and do not contain hardcoded credentials or real secrets.
Audit Metadata