generating-ui-bundle-custom-app
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs shell operations using the Salesforce CLI (
sf) to query organization-level data and validate metadata deployments. These operations involve variable interpolation for parameters like target organization aliases. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes data from the local project environment to generate metadata files.
- Ingestion points: Properties such as
appNameandappNamespaceare derived from the project's directory structure andsfdx-project.jsonfile. - Boundary markers: The skill uses XML templates for structure, but lacks explicit instructions for the agent to sanitize or ignore potentially malicious instructions embedded in the ingested data.
- Capability inventory: The skill possesses the ability to write to the file system and execute shell commands via the Salesforce CLI.
- Sanitization: There is no evidence of validation or sanitization of the values resolved from project files before they are interpolated into the final XML output.
Audit Metadata