configuring-quality-gate

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Salesforce CLI (sf) to create and update records in the target organization. This is the intended behavior of the skill for managing DevOps configurations.
  • [PROMPT_INJECTION]: The skill processes user-provided inputs, such as quality gate names and thresholds, which are then used in shell commands.
      • Ingestion points: User-provided name and rules thresholds in SKILL.md.
      • Boundary markers: The skill includes a mandatory "MANDATORY IMPACT PREVIEW" and "Confirmation gate" section to prevent unintended execution.
      • Capability inventory: Uses sf api request, sf data create, and sf data update commands.
      • Sanitization: No explicit sanitization of input variables is defined in the script, but the requirement for manual user confirmation before execution serves as a significant security mitigation.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 23, 2026, 07:41 PM