platform-docs-get

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The file scripts/runtime_bootstrap.py uses os.execve to hand script execution over to a specific Python interpreter inside a dedicated virtual environment directory (~/.claude/.fetching-salesforce-docs-runtime/venv). This process-replacement technique is used for environment management and to ensure the skill runs with its required dependencies.
  • [COMMAND_EXECUTION]: The extraction scripts (scripts/extract_help_salesforce.py and scripts/extract_salesforce_doc.py) use the Playwright library to launch a Chromium browser instance and scrape content. This involves executing browser binaries locally.
  • [EXTERNAL_DOWNLOADS]: The skill requires the playwright and playwright-stealth Python packages. Installation of these dependencies involves fetching code from official package registries and browser binaries from trusted provider servers.
  • [PROMPT_INJECTION]: The skill processes external web content from official Salesforce domains, creating an indirect prompt injection surface.
      • Ingestion points: Data enters the agent's context through scripts/extract_help_salesforce.py and scripts/extract_salesforce_doc.py, which scrape web pages.
      • Boundary markers: No explicit markers are used in the scraped content, although SKILL.md provides interpretation rules.
      • Capability inventory: The skill can execute subprocesses via Playwright and replace its own process via os.execve.
      • Sanitization: The scripts normalize text and remove layout-related noise but do not implement specific sanitization to prevent the agent from following instructions embedded in the scraped HTML.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 26, 2026, 12:50 PM