using-ui-bundle-salesforce-data
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides documentation and patterns for Salesforce data access within UI bundles using official SDKs.
- [COMMAND_EXECUTION]: The skill includes a local bash utility
scripts/graphql-search.sh. Analysis shows the script implements security best practices, includingset -euo pipefailfor error handling and regex-based input validation (^[A-Za-z_][A-Za-z0-9_]*$) to prevent command injection when processing user-supplied entity names. - [EXTERNAL_DOWNLOADS]: The skill references standard development dependencies such as
@salesforce/sdk-dataandeslint. No unverified or suspicious remote code execution patterns were detected. - [DATA_EXFILTRATION]: Network operations are restricted to documented Salesforce API endpoints (e.g., UI API, Apex REST, Einstein LLM) via the
@salesforce/sdk-dataSDK, which is consistent with the skill's purpose.
Audit Metadata