platform-apex-logs-debug

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Salesforce CLI (sf) to perform administrative tasks such as listing logs, retrieving log content, and managing trace flags. These are standard operations for Salesforce development.
  • [REMOTE_CODE_EXECUTION]: Provides instructions for executing Anonymous Apex scripts using sf apex run. This is a core Salesforce platform feature designed for developers to execute code snippets in their authenticated environments.
  • [EXTERNAL_DOWNLOADS]: Recommends the installation of the 'Apex Log Analyzer' VS Code extension from FinancialForce, which is a well-known and widely used community tool for performance profiling.
  • [DATA_EXPOSURE]: The skill is designed to ingest and analyze Salesforce debug logs retrieved from the user's authenticated orgs. Access to this data is managed through the standard Salesforce CLI authentication flow.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external .log files from Salesforce orgs which represent a potential attack surface for indirect prompt injection if an attacker can control log output (e.g., via System.debug).
  • Ingestion points: Debug logs are retrieved from Salesforce orgs as described in SKILL.md and references/analysis-playbook.md.
  • Boundary markers: None present in the prompt templates to distinguish between log content and instructions.
  • Capability inventory: Subprocess calls include sf apex run and sf data delete within references/cli-commands.md.
  • Sanitization: No explicit sanitization or filtering of log content is implemented before analysis.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 12:50 PM
Security Audit — agent-trust-hub — platform-apex-logs-debug