dx-org-manage

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute Salesforce CLI commands. It constructs these commands by interpolating user-provided values such as org aliases, snapshot names, and file paths (e.g., sf org create snapshot --source-org <orgId-or-alias> --name <SnapshotName>).
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it processes untrusted user data and uses it to parameterize shell commands. This is a common pattern for skills that wrap CLI tools.
  • [SAFE]: The skill's behavior is consistent with its stated purpose and metadata. The author 'forcedotcom' is the legitimate organization for Salesforce, and the use of the sf CLI is expected.
  • [SAFE]: Writing command outputs to a local directory (force-app/main/adk-eval-output/) is a benign feature intended for integration with Salesforce evaluation and testing frameworks.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 03:27 PM
Security Audit — agent-trust-hub — dx-org-manage