platform-docs-get
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The file
scripts/runtime_bootstrap.pyutilizesos.execveto transition script execution to a specific Python interpreter within a dedicated virtual environment directory (~/.claude/.fetching-salesforce-docs-runtime/venv). This process-replacement technique is used for environment management and to ensure the skill runs with its required dependencies. - [COMMAND_EXECUTION]: The extraction scripts (
scripts/extract_help_salesforce.pyandscripts/extract_salesforce_doc.py) use the Playwright library to execute a Chromium browser instance to scrape content. This involves executing browser binaries locally. - [EXTERNAL_DOWNLOADS]: The skill requires the
playwrightandplaywright-stealthPython packages. Installation of these dependencies involves fetching code from official package registries and browser binaries from trusted provider servers. - [PROMPT_INJECTION]: The skill processes external web content from official Salesforce domains, creating an indirect prompt injection surface.
- Ingestion points: Data enters the agent's context through
scripts/extract_help_salesforce.pyandscripts/extract_salesforce_doc.pywhich scrape web pages. - Boundary markers: No explicit markers are used in the scraped content, although
SKILL.mdprovides interpretation rules. - Capability inventory: The skill can execute subprocesses via Playwright and replace its own process via
os.execve. - Sanitization: The scripts normalize text and remove layout-related noise but do not implement specific sanitization to prevent the agent from following instructions embedded in the scraped HTML.
Audit Metadata