agentforce-observe
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE_&_EXFILTRATION]: The skill accesses production session data, conversation messages, and LLM traces from Salesforce Data Cloud. This data access is the primary intended purpose of the skill (observability) and is conducted using authenticated Salesforce CLI commands and a dedicated Apex service class. No unauthorized external network calls were found.
- [COMMAND_EXECUTION]: The skill frequently uses `sf` CLI commands to query the org, retrieve/deploy metadata, and run agent previews. It also uses standard shell utilities like `grep`, `find`, and `python3` (for JSON processing). These operations are well-scoped to the task of Salesforce development and troubleshooting.
- [REMOTE_CODE_EXECUTION]: The skill deploys an Apex class (`AgentforceOptimizeService.cls`) and executes anonymous Apex via the CLI to perform Data Cloud queries. This is a common pattern for automation skills requiring platform-specific capabilities. The code is provided within the skill package and is executed within the user's authenticated Salesforce environment.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data in the form of historical user messages from session traces. There is a theoretical surface where malicious instructions in a trace could influence the agent's analysis, but the risk is low as the agent uses this data primarily for reconstruction and diagnostic presentation rather than direct decision-making with high-privilege consequences.
- [DYNAMIC_EXECUTION]: The skill generates and executes SQL/SOQL queries dynamically based on user parameters (e.g., agent name, date range). It correctly employs `String.escapeSingleQuotes` in the Apex helper class to prevent query injection attacks.
Audit Metadata