salesforce
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill instructs users to install software by piping a remote script directly to bash (
curl -sSL https://canifi.com/skills/salesforce/install.sh | bash). This allows the remote server to execute arbitrary commands on the user's host machine. - [EXTERNAL_DOWNLOADS] (HIGH): The skill downloads and executes scripts from
canifi.com, a domain not listed as a trusted GitHub organization or repository. - [CREDENTIALS_UNSAFE] (HIGH): The setup process encourages storing sensitive information, including
SALESFORCE_PASSWORD,SALESFORCE_CLIENT_SECRET, andSALESFORCE_SECURITY_TOKEN, in environment variables via thecanifi-envtool. This exposes credentials to any local process that can read the environment. - [PROMPT_INJECTION] (LOW): The skill has a surface for indirect prompt injection (Category 8). 1. Ingestion points: Salesforce CRM data such as leads, accounts, and opportunities are processed by the agent. 2. Boundary markers: No boundary markers or instructions to ignore embedded commands are present. 3. Capability inventory: The skill can search, create, and update Salesforce records. 4. Sanitization: No evidence of data sanitization or validation of external API content.
Recommendations
- HIGH: Downloads and executes remote code from: https://canifi.com/install.sh, https://canifi.com/skills/salesforce/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata