platform-metadata-retrieve
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the Salesforce CLI command `sf project retrieve start` using the Bash tool to sync metadata from remote orgs.
  - Evidence: Found in `SKILL.md` under the 'Workflow' and 'Command Patterns' sections.
  - The execution is limited to the official Salesforce CLI tool, which is consistent with the skill's primary purpose and the trusted vendor identity.
- [INDIRECT_PROMPT_INJECTION]: The skill retrieves metadata components, such as Apex classes and XML configurations, from external Salesforce environments into the agent's context.
  - Ingestion points: Output from the `sf project retrieve start` command and the contents of the retrieved metadata files.
  - Boundary markers: Absent; there are no specific delimiters or instructions to ignore embedded content within the retrieved metadata.
  - Capability inventory: The agent has access to the Bash tool to execute CLI commands based on its analysis of the project state.
  - Sanitization: No explicit validation or filtering is performed on the retrieved metadata before it is processed by the agent, allowing for potential instructions in comments or data to influence agent behavior.
Audit Metadata