deploying-metadata
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses official Salesforce CLI (
sf) commands for its primary purpose of metadata deployment and management. It adheres to industry best practices such as performing dry-run validations before actual deployments. - [COMMAND_EXECUTION]: Shell commands are strictly limited to the
sfCLI tool and standard filesystem operations (e.g.,test -f,ls,cat) necessary for DevOps tasks. No arbitrary or high-risk command execution patterns were found. - [DATA_EXFILTRATION]: No evidence of unauthorized data transfer or hardcoded credentials. All network operations are directed towards Salesforce's official platform via the standard CLI authentication mechanisms.
- [EXTERNAL_DOWNLOADS]: The skill does not download external scripts or packages from untrusted sources. All dependencies (like the
sfCLI) are expected environment requirements for a Salesforce developer. - [PROMPT_INJECTION]: The instructions are clearly structured for task orchestration and do not contain patterns attempting to bypass agent safety guidelines or override system prompts.
Audit Metadata