sf-agentforce
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill functions as a documentation and tooling repository for Salesforce Agentforce development, following industry-standard practices for metadata-driven development.
- [COMMAND_EXECUTION]: The skill utilizes the Salesforce CLI (
sf) for legitimate operations such as validating, publishing, and activating agents. These activities are essential for the skill's purpose and are appropriately scoped to thesfcommand binary. - [DATA_EXFILTRATION]: Analysis of the provided SOQL queries and Apex snippets confirms they are used for platform observability and monitoring (e.g., Session Tracing Data Model). No mechanisms for unauthorized data transfer to external domains were identified.
- [INDIRECT_PROMPT_INJECTION]: While the skill involves processing configuration files and test specifications which represent an attack surface, this is inherent to its function as a development tool. The instructions emphasize the use of the Einstein Trust Layer, which provides built-in defenses against prompt injection and toxicity.
Audit Metadata