dx-app-analytics-use
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. Analysis of the skill instructions and metadata revealed the following:
- Prompt Injection: The skill contains standard instructional guidelines and trigger rules for agent routing. There are no attempts to override safety filters, bypass instructions, or extract system prompts.
- Data Exposure & Exfiltration: The skill describes standard Salesforce REST API endpoints (
/services/data/vXX.0/sobjects/AppAnalyticsQueryRequest) and utilizes presigned download URLs provided by the platform. There are no hardcoded credentials or unauthorized network operations. - Obfuscation: No encoded content, zero-width characters, homoglyphs, or other obfuscation techniques were found.
- Remote Code Execution: The skill does not perform any remote script downloads or executions. It references the standard Salesforce CLI (
sf) for metadata deployment. - Privilege Escalation: No commands related to privilege escalation or unauthorized file system modifications were detected.
- Persistence: No mechanisms for establishing persistence across sessions were found.
- Indirect Prompt Injection: While the skill processes analytics metadata, it does not interpolate untrusted data into executable contexts or dangerous commands in an unsafe manner.
- Dynamic Execution: There is no evidence of runtime code generation, unsafe deserialization, or dynamic context injection.
Audit Metadata