platform-metadata-retrieve

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute the sf project retrieve start command. This is the standard and intended method for retrieving Salesforce metadata. The skill provides structured command patterns and enforces the use of the --json flag for safe parsing of outputs.
  • [SAFE]: The skill is authored by a trusted organization and relies on official platform tooling. Analysis of the instructions and reference files reveals no evidence of prompt injection, data exfiltration, obfuscation, or unauthorized persistence mechanisms.
  • [SAFE]: The skill includes explicit warnings and troubleshooting guidance to prevent accidental data loss, such as requiring user confirmation before using the --ignore-conflicts flag in trackable orgs.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 03:27 PM
Security Audit — agent-trust-hub — platform-metadata-retrieve