using-ui-bundle-salesforce-data

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides documentation and patterns for Salesforce data access within UI bundles using official SDKs.
  • [COMMAND_EXECUTION]: The skill includes a local bash utility scripts/graphql-search.sh. Analysis shows the script implements security best practices, including set -euo pipefail for error handling and regex-based input validation (^[A-Za-z_][A-Za-z0-9_]*$) to prevent command injection when processing user-supplied entity names.
  • [EXTERNAL_DOWNLOADS]: The skill references standard development dependencies such as @salesforce/sdk-data and eslint. No unverified or suspicious remote code execution patterns were detected.
  • [DATA_EXFILTRATION]: Network operations are restricted to documented Salesforce API endpoints (e.g., UI API, Apex REST, Einstein LLM) via the @salesforce/sdk-data SDK, which is consistent with the skill's purpose.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 12:50 AM
Security Audit — agent-trust-hub — using-ui-bundle-salesforce-data