experience-ui-bundle-salesforce-data-access

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill utilizes official Salesforce development packages, including @salesforce/platform-sdk and @salesforce/graphiti. These are vendor-provided resources and their usage aligns with the skill's stated purpose of managing Salesforce data access.
  • [DATA_EXFILTRATION]: Network operations are conducted through the sdk.fetch and sdk.graphql methods, which are directed at authorized Salesforce API endpoints (e.g., /services/data/, /services/apexrest/). No patterns of data exfiltration to unauthorized or suspicious external domains were identified.
  • [COMMAND_EXECUTION]: The skill includes a local bash script (scripts/graphql-search.sh) and provides numerous CLI command examples for the graphiti tool. The bash script is restricted to local file system operations using grep and awk to search schema definitions. All command examples are standard development tasks and do not involve risky behaviors like piping remote content into a shell.
  • [SAFE]: File system access is limited to project-related configuration files such as schema.graphql and package.json. There is no evidence of the skill attempting to access sensitive system files, user credentials, or SSH keys.
  • [PROMPT_INJECTION]: The instructions focus strictly on data access workflows and do not contain patterns typical of prompt injection, such as attempts to bypass safety filters or override agent behavior.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 27, 2026, 02:29 PM
Security Audit — agent-trust-hub — experience-ui-bundle-salesforce-data-access