Skills
skills/forcedotcom/sf-skills/recommending-devops-tests/Gen Agent Trust Hub

recommending-devops-tests

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: Uses the sf (Salesforce CLI) data query command to fetch DevOps Center metadata. This utilizes legitimate, vendor-provided tooling for its intended purpose.
  • [PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection as it processes untrusted data in the form of commit diffs.
  • Ingestion points: Commit diffs are ingested and analyzed during the 'Reasoning steps' phase (SKILL.md).
  • Boundary markers: The skill does not define explicit delimiters or 'ignore' instructions to encapsulate the untrusted diff content.
  • Capability inventory: The skill can execute SOQL queries via the sf command and display results to the user.
  • Sanitization: No explicit sanitization, validation, or escaping of the diff content is performed before the agent reasons over it.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 07:41 PM
Security Audit — agent-trust-hub — recommending-devops-tests