jaganpro/sf-metadata
skills/sf-metadata/SKILL.md
Salesforce metadata generation and querying with 120-point scoring. TRIGGER when: user creates custom objects, fields, validation rules, or touches .object-meta.xml, .field-meta.xml, .profile-meta.xml files. DO NOT TRIGGER when: permission set analysis (use sf-permissions), deploying metadata (use sf-deploy), or Flow XML (use sf-flow).
$ install --global
skillsauthnpx skillsauth add jaganpro/sf-skills sf-metadataInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 22, 2026, 8:01 PM63.7s19 files scanned
SKILL.md
- name:
- sf-metadata
- description:
- >
- TRIGGER when:
- user creates custom objects, fields, validation rules, or touches
- DO NOT TRIGGER when:
- permission set analysis (use sf-permissions), deploying
- license:
- MIT
- version:
- 1.2.0
- author:
- Jag Valaiyapathy
- scoring:
- 120 points across 6 categories
sf-metadata: Salesforce Metadata Generation and Org Querying
Use this skill when the user needs metadata definition or org metadata discovery: custom objects, fields, validation rules, record types, page layouts, permission sets, or schema inspection with sf CLI.
When This Skill Owns the Task
Use sf-metadata when the work involves:
- object, field, validation rule, record type, layout, profile, or permission-set metadata
.object-meta.xml,.field-meta.xml,.profile-meta.xml, and related metadata files- describing schema before coding or Flow work
- generating metadata XML from requirements
Delegate elsewhere when the user is:
- analyzing permission access rather than defining metadata → sf-permissions
- deploying metadata → sf-deploy
- editing Flow XML → sf-flow
Required Context to Gather First
Ask for or infer:
- whether the user wants generation or querying
- metadata type(s) involved
- target object / field / package directory
- target org alias if querying is required
- whether new custom objects or fields should also include permission-set / FLS generation
Unless the user explicitly opts out, assume new custom objects or fields need permission-set follow-up.
Recommended Workflow
1. Choose the mode
| Mode | Use when | |---|---| | generation | the user wants new or updated metadata XML | | querying | the user needs object / field / metadata discovery |
2. Start from templates or CLI describe data
For generation, use the assets under:
assets/objects/assets/fields/assets/permission-sets/assets/profiles/assets/record-types/assets/validation-rules/assets/layouts/
For querying, prefer sf metadata and sobject describe commands.
Recent SDR/CLI support worth knowing when reading older examples: CnfgItemSourceDefinition, ExtlClntAppOauthSecuritySettings, and UIBundle are now source-supported under their current names. See references/metadata-types-reference.md.
3. Validate metadata quality
Check:
- naming conventions
- structural correctness
- field-type fit
- security / FLS implications
- downstream deployment dependencies
4. Plan permission impact by default
When new custom fields or objects are created:
- default to generating or updating a Permission Set unless the user opts out
- include
fieldPermissionsfor eligible custom fields - note any metadata categories that are excluded because Salesforce treats them as system-managed or always-available
- remember that object CRUD alone does not make custom fields visible
5. Hand off deployment
Use sf-deploy when the user needs the metadata rolled out.
High-Signal Rules
- field-level security is often the hidden blocker after deployment
- object permissions ≠ field permissions
- prefer permission sets over profile-centric access patterns
- generate Permission Set follow-up by default for new custom objects and fields
- include
fieldPermissionsfor eligible custom fields instead of leaving FLS as a manual afterthought - avoid hardcoded IDs in formulas or metadata logic
- validation rules should have intentional bypass strategy when operationally necessary
- create metadata before attempting Flow or data tasks that depend on it
Output Format
When finishing, report in this order:
- Metadata created or queried
- Files created or updated
- Key schema/security decisions
- Permission / layout follow-ups
- Deploy next step
Suggested shape:
Metadata task: <generate / query>
Items: <objects, fields, rules, layouts, permsets>
Files: <paths>
Notes: <naming, field types, security, dependencies>
Next step: <deploy, assign permset, or verify in Setup>
Cross-Skill Integration
| Need | Delegate to | Reason | |---|---|---| | deploy metadata | sf-deploy | rollout and validation | | build Flows on new schema | sf-flow | declarative automation | | build Apex on new schema | sf-apex | code against metadata | | analyze permission access after creation | sf-permissions | access auditing | | seed data after deploy | sf-data | test data creation |
Reference Map
Start here
- references/field-and-cli-reference.md
- references/metadata-types-reference.md
- references/naming-conventions.md
- references/orchestration.md
Security / scoring / examples
- references/fls-best-practices.md
- references/permset-auto-generation.md
- references/best-practices-scoring.md
- references/field-types-guide.md
- references/field-types-example.md
- references/custom-object-example.md
- references/permission-set-example.md
- references/profile-permission-guide.md
- references/sf-cli-commands.md
- assets/
Score Guide
| Score | Meaning | |---|---| | 108+ | strong production-ready metadata | | 96–107 | good metadata with minor review items | | 84–95 | acceptable but validate carefully | | < 84 | block deployment until corrected |
Related Skills
jaganpro/sf-lwc
development
VerifiedTrustedCommunity
Lightning Web Components with PICKLES methodology and 165-point scoring. TRIGGER when: user creates/edits LWC components, touches lwc/**/*.js, .html, .css, .js-meta.xml files, or asks about wire service, SLDS, or Jest LWC tests. DO NOT TRIGGER when: Apex classes (use sf-apex), Aura components, or Visualforce.
394SKILL.mdUpdated Apr 5, 2026
jaganpro/sf-ai-agentforce-grid
tools
VerifiedTrustedCommunity
Use this skill whenever users want to build, inspect, debug, automate, or publish workflows in Agentforce Grid (AI Workbench) using Salesforce plus the Grid MCP or direct Grid REST calls. Trigger it for Grid workbook creation, worksheet setup, Object/Reference/AI/Agent/AgentTest/Evaluation/PromptTemplate/InvocableAction column design, prompt drafting inside Grid, worksheet execution troubleshooting, Grid YAML `apply_grid` specs, and Windows-specific Grid setup issues. Also use it when users mention AI Workbench, Grid Studio, workbook IDs, worksheet IDs, Grid Connect, or ask for recipes like "top opportunities with AI email drafts", "agent test suite in Grid", or "build this worksheet from YAML". Do not use it for generic Salesforce work unrelated to Agentforce Grid.
372SKILL.mdUpdated Apr 23, 2026
jaganpro/sf-flex-estimator
development
VerifiedTrustedCommunity
Salesforce Flex Credit estimation for Agentforce and Data Cloud workloads. TRIGGER when: user needs cost projections, scenario planning, budget sizing, or architecture tradeoff analysis for Agentforce prompts/actions, Data Cloud meters, or monthly Flex Credit usage. DO NOT TRIGGER when: user is building Agentforce metadata or .agent files themselves (use sf-ai-agentforce or sf-ai-agentscript), implementing Data Cloud assets (use sf-datacloud-*), or asking for contract-specific commercial approval that depends on non-public pricing terms.
366SKILL.mdUpdated Apr 22, 2026
jaganpro/sf-permissions
testing
VerifiedTrustedCommunity
Permission Set analysis, hierarchy viewer, and access auditing. TRIGGER when: user asks "who has access to X?", analyzes permission sets/groups, or touches .permissionset-meta.xml / .permissionsetgroup-meta.xml files. DO NOT TRIGGER when: creating new metadata (use sf-metadata), deploying permission sets (use sf-deploy), or Apex sharing logic (use sf-apex).
366SKILL.mdUpdated Apr 5, 2026