experience-ui-bundle-app-coordinate
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to perform standard development tasks using shell commands, such as
sf template generate ui-bundle,npm install,npx eslint, and various build scripts. These are necessary operations for scaffolding, linting, and building a web application. - [PROMPT_INJECTION]: The skill is designed to ingest natural language requests from the user to generate application code and architecture. While this represents a potential surface for indirect prompt injection, it is the core intended functionality of the coordinator skill and is managed through the orchestration of specialized sub-skills.
- [SAFE]: All identified behaviors, including the use of Salesforce CLI tools and specific Node.js packages like
@salesforce/sdk-data, align with the established development patterns of the 'forcedotcom' vendor. No unauthorized data access, persistence mechanisms, or obfuscated code were found.
Audit Metadata