running-apex-tests
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Salesforce CLI (sf apex run test) to execute tests and collect coverage data. This is the intended primary function of the skill.
- [PROMPT_INJECTION]: The skill ingests test failure messages and stack traces, which the agent then processes to suggest code repairs, creating an indirect prompt injection surface.
  - Ingestion points: hooks/scripts/parse-test-results.py processes the TOOL_OUTPUT environment variable containing raw CLI results.
  - Boundary markers: The formatted output uses structured headers (e.g., APEX TEST RESULTS) to delimit data from instructions.
  - Capability inventory: The skill facilitates code modification by delegating repair tasks to the sf-apex skill.
  - Sanitization: The parser extracts error content verbatim; no specific instruction filtering is performed on the ingested test results.
Audit Metadata