The Agent Skills Directory

[SAFE]: The skill does not exhibit any malicious patterns. Its primary purpose is to assist developers in creating and maintaining secure Salesforce authentication configurations.
[COMMAND_EXECUTION]: The skill provides instructions and examples for using the official Salesforce CLI (sf project deploy, sf project retrieve) and curl for testing OAuth 2.0 flows. These commands are standard for the intended domain of Salesforce development and integration testing.
[EXTERNAL_DOWNLOADS]: The skill references and fetches information from official Salesforce documentation (salesforce.com) and established community resources such as Salesforce Ben and Apex Hours. These are well-known and trusted sources within the technology sector.
[PROMPT_INJECTION]: The skill includes an attack surface for indirect prompt injection as it is designed to read and process user-provided XML metadata files (e.g., in SKILL.md triggers for .connectedApp-meta.xml). However, the skill's own instructions explicitly focus on identifying security anti-patterns and enforcing best practices like minimal scopes and specific callback URLs, which mitigates the risk of the agent following malicious instructions embedded in data.
[CREDENTIALS_UNSAFE]: The skill demonstrates best practices for credential management by using placeholders (e.g., {{CONTACT_EMAIL}}, YOUR_CONSUMER_KEY) in templates and providing explicit warnings against committing secrets to source control in SKILL.md and the security checklist.

sf-connected-apps