platform-data-manage
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security vulnerabilities or malicious patterns were detected. The skill provides standard developer tooling for Salesforce data lifecycle management.
- [COMMAND_EXECUTION]: The skill executes official Salesforce CLI (
sf) commands to manage records and run anonymous Apex. This behavior is consistent with the skill's primary purpose of Salesforce org management. - [PROMPT_INJECTION]: The skill processes data from local CSV, JSON, and Apex templates, which constitutes a potential surface for indirect prompt injection. However, this risk is mitigated by the skill's 'describe-first' workflow and the inclusion of specialized validation scripts.
- Ingestion points: Template files located in
assets/csv/,assets/json/, andassets/factories/. - Capability inventory: Data manipulation via
sf dataand code execution viasf apex run. - Boundary markers: Detailed documentation and metadata guide the agent in distinguishing instructions from data templates.
- Sanitization: Employs dedicated Python scripts (
scripts/soql_validator.pyandscripts/validate_data_operation.py) to validate SOQL syntax, bulk safety, and data integrity before execution.
Audit Metadata