platform-apex-logs-debug
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Salesforce CLI (
sf) to perform administrative tasks such as listing logs, retrieving log content, and managing trace flags. These are standard operations for Salesforce development. - [REMOTE_CODE_EXECUTION]: Provides instructions for executing Anonymous Apex scripts using
sf apex run. This is a core Salesforce platform feature designed for developers to execute code snippets in their authenticated environments. - [EXTERNAL_DOWNLOADS]: Recommends the installation of the 'Apex Log Analyzer' VS Code extension from FinancialForce, which is a well-known and widely used community tool for performance profiling.
- [DATA_EXPOSURE]: The skill is designed to ingest and analyze Salesforce debug logs retrieved from the user's authenticated orgs. Access to this data is managed through the standard Salesforce CLI authentication flow.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external
.logfiles from Salesforce orgs which represent a potential attack surface for indirect prompt injection if an attacker can control log output (e.g., viaSystem.debug). - Ingestion points: Debug logs are retrieved from Salesforce orgs as described in
SKILL.mdandreferences/analysis-playbook.md. - Boundary markers: None present in the prompt templates to distinguish between log content and instructions.
- Capability inventory: Subprocess calls include
sf apex runandsf data deletewithinreferences/cli-commands.md. - Sanitization: No explicit sanitization or filtering of log content is implemented before analysis.
Audit Metadata