dx-app-analytics-use

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security issues detected. Analysis of the skill instructions and metadata revealed the following:
  • Prompt Injection: The skill contains standard instructional guidelines and trigger rules for agent routing. There are no attempts to override safety filters, bypass instructions, or extract system prompts.
  • Data Exposure & Exfiltration: The skill describes standard Salesforce REST API endpoints (/services/data/vXX.0/sobjects/AppAnalyticsQueryRequest) and utilizes presigned download URLs provided by the platform. There are no hardcoded credentials or unauthorized network operations.
  • Obfuscation: No encoded content, zero-width characters, homoglyphs, or other obfuscation techniques were found.
  • Remote Code Execution: The skill does not perform any remote script downloads or executions. It references the standard Salesforce CLI (sf) for metadata deployment.
  • Privilege Escalation: No commands related to privilege escalation or unauthorized file system modifications were detected.
  • Persistence: No mechanisms for establishing persistence across sessions were found.
  • Indirect Prompt Injection: While the skill processes analytics metadata, it does not interpolate untrusted data into executable contexts or dangerous commands in an unsafe manner.
  • Dynamic Execution: There is no evidence of runtime code generation, unsafe deserialization, or dynamic context injection.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 07:12 PM
Security Audit — agent-trust-hub — dx-app-analytics-use