sf-integration
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill documents the process for creating Salesforce External Services using OpenAPI specifications, which introduces a surface for indirect prompt injection where malicious instructions embedded in a specification could influence agent behavior.
- Ingestion points: OpenAPI specification ingestion described in SKILL.md.
- Boundary markers: No delimiters or specific instructions for the agent to ignore embedded commands in external schemas are provided.
- Capability inventory: The agent has tools for file system modification ('Write', 'Edit') and Salesforce metadata deployment ('Bash(sf *)').
- Sanitization: No validation or sanitization of ingested OpenAPI content is specified.
- [SAFE]: Metadata XML templates correctly use placeholders for sensitive information like client IDs and usernames, preventing accidental credential exposure.
- [SAFE]: Tool access is limited to the Salesforce CLI ('sf') and essential file operations, reducing the risk of unauthorized system activity.