sf-soql
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides legitimate utility for Salesforce developers and follows established industry best practices for query optimization and security.
- [REMOTE_CODE_EXECUTION]: The skill utilizes platform-specific lifecycle hooks in `.claude/hooks.yaml` to execute local validation logic.
  - Evidence: The hook executes `python3 ${SKILL_HOOKS}/post-tool-validate.py` upon file modifications.
  - Analysis: The script is provided within the skill package, performs transparent static analysis on SOQL syntax, and does not contain malicious logic, network operations, or unsafe system commands.
- [SAFE]: The skill processes natural language to generate SOQL code, which is a standard functional requirement for this use case. It mitigates potential risks by providing detailed documentation and recommending security enforcement patterns such as `WITH SECURITY_ENFORCED` and `WITH USER_MODE`.
Audit Metadata