Skills
skills/forcedotcom/sf-skills/building-omnistudio-flexcard/Gen Agent Trust Hub

building-omnistudio-flexcard

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill provides legitimate functionality for OmniStudio development, including metadata templates and structured validation guidelines consistent with the vendor's (forcedotcom) official tooling.
  • [COMMAND_EXECUTION]: The script scripts/flexcard-commands.sh provides standard Salesforce CLI (sf) commands for querying and deploying metadata. These commands are necessary for the skill's primary purpose and are consistent with the established identity of the author.
  • [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection in Phase 1 (Requirements Gathering) where user-provided instructions influence the generated metadata. This risk is mitigated through a structured 130-point scoring rubric and explicit generation guardrails in Phase 3 that validate the output's compliance and safety.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 02:47 PM