PluginBench
Skill
Review
Audit score 70

building-sf-integrations

forcedotcom/sf-skills

How to install building-sf-integrations

npx skills add https://github.com/forcedotcom/sf-skills --skill building-sf-integrations
Claude Code
Cursor
Windsurf
Cline
Full instructions (SKILL.md)

Source of truth, from forcedotcom/sf-skills.


name: building-sf-integrations description: "Salesforce integration architecture and runtime plumbing with 120-point scoring. Use this skill to set up Named Credentials, External Credentials, External Services, REST/SOAP callout patterns, Platform Events, and Change Data Capture. TRIGGER when: user sets up Named Credentials, External Services, REST/SOAP callouts, Platform Events, CDC, or touches .namedCredential-meta.xml files. DO NOT TRIGGER when: Connected App/OAuth config (use configuring-connected-apps), Apex-only logic (use generating-apex), data import/export (use handling-sf-data), or CDC channel-membership metadata such as PlatformEventChannel, PlatformEventChannelMember, or EnrichedField (use managing-cdc-enablement)." metadata: version: "1.1"

building-sf-integrations: Salesforce Integration Patterns Expert

Use this skill when the user needs integration architecture and runtime plumbing: Named Credentials, External Credentials, External Services, REST/SOAP callout patterns, Platform Events, CDC, and event-driven integration design.

When This Skill Owns the Task

Use building-sf-integrations when the work involves:

  • .namedCredential-meta.xml or External Credential metadata
  • outbound REST/SOAP callouts
  • External Service registration from OpenAPI specs
  • Platform Events, CDC, and event-driven architecture
  • choosing sync vs async integration patterns

Delegate elsewhere when the user is:


Required Context to Gather First

Ask for or infer:

  • integration style: outbound callout, inbound event, External Service, CDC, platform event
  • auth method
  • sync vs async requirement
  • system endpoint / spec details
  • rate limits, retry expectations, and failure tolerance
  • whether this is net-new design or repair of an existing integration

Recommended Workflow

1. Choose the integration pattern

NeedDefault pattern
authenticated outbound API callNamed Credential / External Credential + Apex or Flow
spec-driven API clientExternal Service
trigger-originated calloutasync callout pattern
decoupled event publishingPlatform Events
change-stream consumptionCDC

2. Choose the auth model

Prefer secure runtime-managed auth:

  • Named Credentials / External Credentials
  • OAuth or JWT via the right credential model
  • no hardcoded secrets in code

3. Generate from the right templates

Use the provided assets under:

  • assets/named-credentials/
  • assets/external-credentials/
  • assets/external-services/
  • assets/callouts/
  • assets/platform-events/
  • assets/cdc/
  • assets/soap/

4. Validate operational safety

Check:

  • timeout and retry handling
  • async strategy for trigger-originated work
  • logging / observability
  • event retention and subscriber implications

5. Hand off deployment or implementation details

Use:


High-Signal Rules

  • never hardcode credentials
  • do not do synchronous callouts from triggers
  • define timeout behavior explicitly
  • plan retries for transient failures
  • use middleware / event-driven patterns when outbound volume is high
  • prefer External Credentials architecture for new development when supported

Common anti-patterns:

  • sync trigger callouts
  • no retry or dead-letter strategy
  • no request/response logging
  • mixing auth setup responsibilities with runtime integration design

Output Format

When finishing, report in this order:

  1. Integration pattern chosen
  2. Auth model chosen
  3. Files created or updated
  4. Operational safeguards
  5. Deployment / testing next step

Suggested shape:

Integration: <summary>
Pattern: <named credential / external service / event / cdc / callout>
Files: <paths>
Safety: <timeouts, retries, async, logging>
Next step: <deploy, register, test, or implement>

Cross-Skill Integration

NeedDelegate toReason
OAuth app setupconfiguring-connected-appsconsumer key / cert / app config
advanced callout service codegenerating-apexApex implementation
declarative HTTP callout / Flow wrappergenerating-flowFlow orchestration
deploy integration metadatadeploying-metadatavalidation and rollout
use integration from Agentforcedeveloping-agentforceagent action composition

Reference Map

Start here

Event-driven / platform patterns

CLI / automation / scoring

Asset templates

  • assets/named-credentials/ — Named Credential XML templates (OAuth, JWT, Certificate, Custom auth)
  • assets/external-credentials/ — External Credential XML templates (OAuth, JWT)
  • assets/external-services/ — External Service registration template and operations guide
  • assets/callouts/ — REST sync, Queueable, retry handler, and HTTP response handler Apex templates
  • assets/platform-events/ — Platform Event definition, publisher, and subscriber templates
  • assets/cdc/ — CDC handler and subscriber trigger templates
  • assets/soap/ — SOAP callout service template and wsdl2apex guide
  • assets/endpoint-security/ — Remote Site Setting and CSP Trusted Site XML templates

Automation hooks

  • hooks/scripts/suggest_credential_setup.py — auto-suggests credential configuration steps when integration files are detected
  • hooks/scripts/validate_integration.py — validates integration patterns before agent responses

Output Expectations

When this skill completes an integration task, it produces:

  1. Credential metadata — one or more files in assets/named-credentials/ or assets/external-credentials/ filled with org-specific values
  2. Callout Apex class — a .cls file using the Named Credential pattern, with async/sync pattern chosen based on context
  3. Event/CDC artifacts — Platform Event .object-meta.xml, subscriber trigger, or CDC config (when event-driven pattern is chosen)
  4. Endpoint security metadata — Remote Site Setting and/or CSP Trusted Site XML files
  5. Scoring report — 120-point score across 6 categories (Security, Error Handling, Bulkification, Architecture, Best Practices, Documentation)
  6. Next step — a deployment or testing instruction for the generated artifacts

Score Guide

ScoreMeaning
108+strong production-ready integration design
90–107good design with some hardening left
72–89workable but needs architectural review
< 72unsafe / incomplete for deployment

Related skills

More from forcedotcom/sf-skills and the wider catalog.

GE

generating-apex

forcedotcom/sf-skills

Primary Apex authoring skill for class generation, refactoring, and review. ALWAYS ACTIVATE when the user mentions Apex, .cls, triggers, or asks to create/refactor a class (service, selector, domain, batch, queueable, schedulable, invocable, DTO, utility, interface, abstract, exception, REST resource). Use this skill for requests involving SObject CRUD, mapping collections, fetching related records, scheduled jobs, batch jobs, trigger design, @AuraEnabled controllers, @RestResource endpoints, custom REST APIs, or code review of existing Apex.

2.6k installsAudited
GE

generating-apex-test

forcedotcom/sf-skills

Generate and validate Apex test classes with TestDataFactory patterns, bulk testing (251+ records), mocking strategies, assertion best practices, and disciplined test-fix loops. Use this skill when creating new Apex test classes, improving test coverage, debugging and fixing failing Apex tests, running test execution and coverage analysis, or implementing testing patterns for triggers, services, controllers, batch jobs, queueables, and integrations. Triggers on *Test.cls, *_Test.cls files, sf apex run test workflows, coverage reports, test-fix loops. Do NOT trigger for production Apex code (use generating-apex) or Jest/LWC tests.

2.6k installsAudited
GE

generating-lwc-components

forcedotcom/sf-skills

Lightning Web Components with PICKLES methodology and 165-point scoring. Use this skill when the user creates or edits LWC components, builds wire service patterns, or writes Jest tests for LWC. TRIGGER when: user creates/edits LWC components, touches lwc/**/*.js, .html, .css, .js-meta.xml files, or asks about wire service, SLDS, or Jest LWC tests. DO NOT TRIGGER when: Apex classes (use generating-apex), Aura components, or Visualforce.

2.6k installsAudited
GE

generating-flow

forcedotcom/sf-skills

Generate Salesforce Flows using the MCP tool execute_metadata_action. Use when the user asks to create, build, or generate a flow — including Screen, Autolaunched, Record-Triggered (before/after-save), Scheduled. Also trigger for flow-like requests such as \"when a record is created\", \"trigger daily at\", \"send an email when\", \"update the field when\", \"automate\", \"workflow\", or \"flow XML/metadata\". This is the only skill for Salesforce Flow generation.

2.5k installsAudited
QU

querying-soql

forcedotcom/sf-skills

SOQL query generation, optimization, and analysis with 100-point scoring. Use this skill when the user needs SOQL/SOSL authoring or optimization: natural-language-to-query generation, relationship queries, aggregates, query-plan analysis, and performance or safety improvements for Salesforce queries. TRIGGER when: user writes, optimizes, or debugs SOQL/SOSL queries, touches .soql files, or asks about relationship queries, aggregates, or query performance. DO NOT TRIGGER when: bulk data operations (use handling-sf-data), Apex DML logic (use generating-apex), or report/dashboard queries.

2.5k installsAudited
GE

generating-custom-object

forcedotcom/sf-skills

Use this skill when users need to create, generate, or validate Salesforce Custom Object metadata. Trigger when users mention custom objects, creating objects, object metadata, .object files, sharing models, name fields, or validation rules on objects. Also use when users say things like \"create a custom object\", \"generate object metadata\", \"set up an object for...\", or when they're troubleshooting object deployment errors especially around sharing models and Master-Detail relationships. Always use this skill for any custom object metadata work.

2.5k installsAudited