configuring-code-analyzer
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: Employs standard shell commands and the Salesforce CLI (`sf`) to perform project environment diagnostics and install necessary developer tools. These actions are strictly limited to the local project context and standard installation workflows.
- [EXTERNAL_DOWNLOADS]: References and installs official Salesforce development tools, such as the `@salesforce/cli` and `@salesforce/plugin-code-analyzer` plugin, from trusted vendor repositories.
- [DYNAMIC_EXECUTION]: Internal scripts utilize Python's `yaml.safe_load` for configuration validation. This method is a recognized security best practice that prevents unsafe execution during the parsing of YAML files.
- [DATA_EXPOSURE_AND_EXFILTRATION]: Reads local project files like `code-analyzer.yml` and `sfdx-project.json` to identify project types and apply configurations. The skill does not access sensitive user credentials or perform unauthorized data transmissions to external domains.
Audit Metadata