debugging-apex-logs
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it ingests and analyzes Salesforce debug logs. These logs are external data that could theoretically contain malicious instructions embedded in error messages or log events.
- Ingestion points: Salesforce debug logs are retrieved via
sf apex get logandsf apex tail log(documented inreferences/cli-commands.md). - Boundary markers: The skill does not explicitly define delimiters or instructions for the agent to ignore potential commands within the log content, though it does mandate delegating code generation to separate specialized skills.
- Capability inventory: The skill utilizes powerful CLI capabilities including
sf data delete,sf data create, andsf apex runfor log management and diagnostic benchmarks (documented inreferences/cli-commands.md). - Sanitization: There is no explicit mention of sanitizing or escaping log content before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill leverages the Salesforce CLI (
sf) to perform operations such as log retrieval, record management, and executing anonymous Apex for benchmarking. These operations are standard for Salesforce development workflows and are performed using official vendor tooling from the author (forcedotcom).
Audit Metadata