platform-metadata-retrieve
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute the
sf project retrieve startcommand. This is the standard and intended method for retrieving Salesforce metadata. The skill provides structured command patterns and enforces the use of the--jsonflag for safe parsing of outputs. - [SAFE]: The skill is authored by a trusted organization and relies on official platform tooling. Analysis of the instructions and reference files reveals no evidence of prompt injection, data exfiltration, obfuscation, or unauthorized persistence mechanisms.
- [SAFE]: The skill includes explicit warnings and troubleshooting guidance to prevent accidental data loss, such as requiring user confirmation before using the
--ignore-conflictsflag in trackable orgs.
Audit Metadata