trigger-refactor-pipeline
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/analyze_trigger.py executes the Salesforce CLI (sf) using subprocess.run with a list of arguments. This approach is secure as it avoids shell evaluation and prevents command injection through the trigger name parameter.
- [PROMPT_INJECTION]: The skill processes Apex trigger source code as untrusted input, creating an indirect prompt injection surface. Malicious instructions or instructions disguised as comments within the trigger code could attempt to influence the AI agent's refactoring logic or deployment actions.
- Ingestion points: scripts/analyze_trigger.py (retrieves the trigger_body variable via Salesforce CLI).
- Boundary markers: Absent; trigger code is retrieved and analyzed without specific delimiters or instructions for the agent to ignore embedded content.
- Capability inventory: Write tool (used to create handler and test classes) and Bash tool (used to deploy code and run tests).
- Sanitization: The skill does not perform any sanitization, filtering, or validation of the retrieved trigger source code before presenting it for analysis.
Audit Metadata