Skills
skills/clientell-ai/salesforce-skills/sf-data/Gen Agent Trust Hub

sf-data

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to ingest and process data from Salesforce orgs and local files, creating a surface for indirect prompt injection.
  • Ingestion points: Data is retrieved via sf data query and read from files such as accounts.csv, data/accounts.json, and data/plan.json (documented in SKILL.md).
  • Boundary markers: No specific delimiters or instructions are provided to ensure the agent ignores instructions potentially embedded in the data.
  • Capability inventory: The skill enables high-privilege operations including arbitrary Salesforce CLI commands (sf *), anonymous Apex execution (sf apex run), and bulk record deletion.
  • Sanitization: The instructions do not specify any validation or sanitization of the ingested data content.
  • [COMMAND_EXECUTION]: The skill requests access to the Bash tool to run Salesforce CLI (sf) commands. This allows the agent to perform administrative actions, such as querying and deleting records, which matches the skill's intended use case. It also facilitates the execution of local Apex scripts for data initialization.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 11:17 PM