salesforce-policy-guardrails

Featured

Implement Salesforce lint rules, SOQL injection prevention, and API usage guardrails. Use when enforcing Salesforce integration code quality, preventing SOQL injection, or configuring CI policy checks for Salesforce best practices. Trigger with phrases like "salesforce policy", "salesforce lint", "salesforce guardrails", "SOQL injection", "salesforce eslint", "salesforce code review".

AI & Automation 2,266 stars 315 forks Updated today MIT


Quality Score: 99/100

Stars (20%): 100
Recency (20%): 100
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# Salesforce Policy & Guardrails

## Overview

Automated policy enforcement for Salesforce integrations: SOQL injection prevention, API key leak detection, governor limit guardrails, and CI pipeline checks.

## Prerequisites

- ESLint configured in project
- jsforce TypeScript project
- CI/CD pipeline with policy checks
- Understanding of Salesforce security model

## Instructions

### Step 1: SOQL Injection Prevention

```typescript
import { Connection } from 'jsforce';

// Assumed: an authenticated jsforce connection created elsewhere.
declare const conn: Connection;

// CRITICAL: Never concatenate user input into SOQL strings

// BAD — SOQL injection vulnerability
async function findAccount(name: string) {
  return conn.query(`SELECT Id FROM Account WHERE Name = '${name}'`);
  // User input: "'; DELETE FROM Account; --"
  // Result: SOQL injection (though Salesforce doesn't support DELETE via SOQL,
  // user can still extract data with UNION-like techniques)
}

// GOOD — Escape special characters
function escapeSoql(value: string): string {
  return value
    .replace(/\\/g, '\\\\') // backslash first, so later escapes are not doubled
    .replace(/'/g, "\\'")
    .replace(/"/g, '\\"')
    .replace(/%/g, '\\%') // % and _ are the LIKE wildcards
    .replace(/_/g, '\\_');
}

async function findAccountSafe(name: string) {
  const safeName = escapeSoql(name);
  return conn.query(`SELECT Id, Name FROM Account WHERE Name = '${safeName}'`);
}

// BEST — Use parameterized queries with jsforce
// jsforce doesn't have native parameterized SOQL, so always use escapeSoql()
// For Apex, use bind variables:
// [SELECT Id FROM Account WHERE Name = :accountName]
```

### Step 2: ESLint Rules for Salesfo...
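
A minimal CI check for the Step 1 rule, added here as an example and not taken from the skill or its ESLint rules: it scans source text for `.query()` calls whose template literal interpolates a value that was not passed through `escapeSoql()`. The names `findUnsafeSoql`, `Finding`, `SAMPLE` and `SAMPLE_FINDINGS` are assumptions, and the sample source is constructed from the two functions shown in Step 1.

```typescript
// Added example (not the skill's own rule): text-based CI check for Step 1.
// Flags .query(`...${expr}...`) when expr is neither escapeSoql(...) itself
// nor a variable assigned directly from escapeSoql(...).
interface Finding { line: number; expression: string; }

function findUnsafeSoql(source: string): Finding[] {
  // Variables declared as `const x = escapeSoql(...)`. File-wide, not
  // scope-aware: a simplification a real AST-based ESLint rule would not need.
  const escaped: string[] = [];
  const decl = /\b(?:const|let)\s+(\w+)\s*=\s*escapeSoql\(/g;
  let d: RegExpExecArray | null;
  while ((d = decl.exec(source)) !== null) escaped.push(d[1]);

  const findings: Finding[] = [];
  // A .query( call whose first argument is a template literal.
  const queryCall = /\.query\(\s*`([^`]*)`/g;
  let call: RegExpExecArray | null;
  while ((call = queryCall.exec(source)) !== null) {
    const line = source.slice(0, call.index).split('\n').length;
    // Each ${...} interpolation inside that literal (nested braces not handled).
    const interpolation = /\$\{([^}]*)\}/g;
    let interp: RegExpExecArray | null;
    while ((interp = interpolation.exec(call[1])) !== null) {
      const expression = interp[1].trim();
      const wrapped = /^escapeSoql\([^()]*\)$/.test(expression);
      if (!wrapped && escaped.indexOf(expression) === -1) {
        findings.push({ line, expression });
      }
    }
  }
  return findings;
}

// Constructed sample: the page's BAD and GOOD functions, as source text.
const SAMPLE = [
  'async function findAccount(name: string) {',
  "  return conn.query(`SELECT Id FROM Account WHERE Name = '${name}'`);",
  '}',
  'async function findAccountSafe(name: string) {',
  '  const safeName = escapeSoql(name);',
  "  return conn.query(`SELECT Id, Name FROM Account WHERE Name = '${safeName}'`);",
  '}',
].join('\n');

const SAMPLE_FINDINGS = findUnsafeSoql(SAMPLE); // → [{ line: 2, expression: 'name' }]
```

In a pipeline, a non-empty result for any scanned file would fail the build; queries assembled by string concatenation or passed in through a variable are outside what this text scan sees.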

Details

Author: jeremylongshore
Repository: jeremylongshore/claude-code-plugins-plus-skills
Created: 7 months ago
Last Updated: today
Language: Python
License: MIT


Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Solid

salesforce-apex-quality

Apex code quality guardrails for Salesforce development. Enforces bulk-safety rules (no SOQL/DML in loops), sharing model requirements, CRUD/FLS security, SOQL injection prevention, PNB test coverage (Positive / Negative / Bulk), and modern Apex idioms. Use this skill when reviewing or generating Apex classes, trigger handlers, batch jobs, or test classes to catch governor limit risks, security gaps, and quality issues before deployment.

34,158 Updated yesterday
github
AI & Automation Featured

hubspot-policy-guardrails

Implement HubSpot lint rules, secret scanning, and CI policy checks. Use when setting up code quality rules for HubSpot integrations, preventing token leaks, or configuring CI guardrails. Trigger with phrases like "hubspot policy", "hubspot lint", "hubspot guardrails", "hubspot security check", "hubspot eslint rules".

2,266 Updated today
jeremylongshore
AI & Automation Featured

shopify-policy-guardrails

Implement Shopify app policy enforcement with ESLint rules for API key detection, query cost budgets, and App Store compliance checks. Trigger with phrases like "shopify policy", "shopify lint", "shopify guardrails", "shopify compliance", "shopify eslint", "shopify app review".

2,266 Updated today
jeremylongshore
AI & Automation Featured

salesforce-known-pitfalls

Identify and avoid Salesforce anti-patterns including SOQL N+1, governor limit violations, and API waste. Use when reviewing Salesforce code for issues, onboarding new developers, or auditing existing Salesforce integrations for best practices violations. Trigger with phrases like "salesforce mistakes", "salesforce anti-patterns", "salesforce pitfalls", "salesforce what not to do", "salesforce code review".

2,266 Updated today
jeremylongshore
AI & Automation Featured

figma-policy-guardrails

Enforce security policies and coding standards for Figma API integrations. Use when setting up linting rules for Figma tokens, preventing accidental credential leaks, or enforcing API usage best practices. Trigger with phrases like "figma policy", "figma lint", "figma guardrails", "figma security rules", "figma best practices check".

2,266 Updated today
jeremylongshore