platform-soql-query

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's primary purpose is educational and tool-oriented for Salesforce developers. All provided assets (SOQL examples and Apex classes) are standard patterns for the platform.
  • [COMMAND_EXECUTION]: The file scripts/post-tool-validate.py is an advisory validation script. It uses standard Python libraries (os, sys, re, json) to perform static analysis on SOQL files. It attempts to import a local code_analyzer module from a relative shared directory, which is a standard pattern for multi-skill repositories.
  • [DATA_EXFILTRATION]: No unauthorized network operations or exfiltration patterns were found. References to the Salesforce CLI (sf commands) in references/cli-commands.md are documentation for interacting with the user's own authorized Salesforce environments.
  • [PROMPT_INJECTION]: The instructional content in SKILL.md and the reference guides focuses on best practices for query performance, security enforcement (e.g., WITH SECURITY_ENFORCED), and governor limit awareness. No bypass or override instructions were detected.
  • [INDIRECT_PROMPT_INJECTION]: While the validation script processes user-edited .soql files, it performs localized static analysis using regex and does not pipe untrusted content into dangerous execution sinks. The output is advisory and informative.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 26, 2026, 12:31 PM