running-code-analyzer
Pass
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the `sf code-analyzer run` command via the Bash tool. This is a legitimate development tool from Salesforce used for static analysis. The skill provides extensive documentation on correct flag usage for the v4+ version of the CLI.
- [REMOTE_CODE_EXECUTION]: No remote code execution patterns were detected. The skill executes Node.js scripts (`parse-results.js`, `apply-fixes.js`, etc.) that are bundled within the skill's own directory. These scripts are used for data processing and for applying code modifications based on the analyzer's output.
- [DATA_EXFILTRATION]: No exfiltration patterns were detected. The skill reads local source code and writes scan results to local JSON/HTML files. While some engines like `apexguru` involve cloud-based analysis, this is a standard feature of the Salesforce toolset and requires explicitly user-authenticated orgs.
- [PROMPT_INJECTION]: The skill contains strong instructional language (e.g., "⚠️ CRITICAL: Tool Selection", "ABSOLUTE rules") to guide the AI agent's internal logic and prevent the use of deprecated or incorrect tools. These are safety and reliability constraints, not malicious override attempts.
- [DYNAMIC_EXECUTION]: The `apply-fixes.js` script performs automated code modification by applying deterministic fixes provided by the analysis engines. This is a core feature of the skill. Security is maintained through a mandatory instruction requiring the agent to stop and wait for explicit user confirmation before any code changes are applied.
- [INDIRECT_PROMPT_INJECTION]: The skill has a surface for indirect prompt injection (Category 8) because it ingests scan results that contain rule messages and code snippets. However, the ingestion point is the output of the local `sf code-analyzer` tool, and the risk is mitigated by the structured processing of the data via local scripts rather than direct prompt interpolation of raw external data.
Audit Metadata