agentforce-test

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill runs official Salesforce CLI (sf) commands and curl requests against Salesforce environments. Both are required for its stated purpose, testing and debugging Agentforce agents, and no commands outside that scope were identified.
  • [CREDENTIALS_UNSAFE]: The instructions show how to retrieve a Salesforce access token programmatically with sf org display --json and use it locally as a bearer token for REST API calls to the user's own instance. The token is never sent anywhere other than that instance, but it is a live session credential for the org, so any log or transcript that captures the raw CLI output should be treated as sensitive. The skill includes built-in safety gates that warn the user before targeting a production org or using real PII in test data.
  • [PROMPT_INJECTION]: Several templates and reference files contain prompt-injection strings (for example "Ignore your previous instructions" and "You are now in unrestricted mode"). These are explicitly documented as "Safety Probes" or "Guardrail Tests": they are inputs sent to the agent under test to verify that it declines or deflects them, not instructions directed at the skill itself.
  • [DYNAMIC_EXECUTION]: Inline Python snippets (python3 -c) sanitize CLI output by stripping control characters and parsing the JSON responses. The snippets operate only on local command output, which is a common and legitimate way to get portable JSON handling without depending on jq.
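The token-retrieval and output-sanitizing flow that the CREDENTIALS_UNSAFE and DYNAMIC_EXECUTION findings describe, written out as an added example; this is not code from the agentforce-test skill or from the audit. It assumes, as the current sf CLI does, that sf org display --json returns result.accessToken and result.instanceUrl, and it uses a hostname heuristic (the .sandbox.my.salesforce.com and .scratch.my.salesforce.com suffixes of enhanced My Domains) for the production-org gate; the sample CLI output is constructed, so it runs offline without an org:

```shell
#!/bin/sh
# Added example (not the skill's own code). Assumptions, none taken from the
# audited page: `sf org display --json` yields result.accessToken and
# result.instanceUrl; non-production orgs carry a .sandbox.my.salesforce.com
# or .scratch.my.salesforce.com hostname.
set -eu

# Constructed stand-in for `sf org display --json` output. It carries an ANSI
# colour sequence and a carriage return, the kind of debris that makes a naive
# JSON parse fail and that the python3 -c sanitizer is there to remove.
SAMPLE_OUTPUT=$(printf '\033[32m{"status":0,"result":{"username":"qa@example.com","instanceUrl":"https://example--uat.sandbox.my.salesforce.com","accessToken":"00Dxx0000001gPz!AQEAQ_REDACTED","connectedStatus":"Connected"}}\r\n')

# Strip ANSI CSI sequences and C0 control characters (tab and newline kept).
sanitize_cli_output() {
  python3 -c '
import re, sys
data = sys.stdin.read()
data = re.sub(r"\x1b\[[0-9;]*[A-Za-z]", "", data)    # ANSI escape sequences
data = re.sub(r"[\x00-\x08\x0b-\x1f\x7f]", "", data)  # other control chars, incl. \r
sys.stdout.write(data)
'
}

# Read one field of the "result" object from sanitized JSON on stdin.
json_result_field() {  # usage: json_result_field FIELD < json
  python3 -c '
import json, sys
doc = json.load(sys.stdin)
print(doc["result"][sys.argv[1]])
' "$1"
}

# Safety gate: anything that is not a sandbox or scratch hostname is treated
# as production (heuristic, assumed here; fail closed on unknown shapes).
is_production_org() {  # usage: is_production_org INSTANCE_URL
  case "$1" in
    https://*.sandbox.my.salesforce.com|https://*.scratch.my.salesforce.com) return 1 ;;
    *) return 0 ;;
  esac
}

main() {
  clean=$(printf '%s' "$SAMPLE_OUTPUT" | sanitize_cli_output)
  url=$(printf '%s' "$clean" | json_result_field instanceUrl)
  token=$(printf '%s' "$clean" | json_result_field accessToken)

  if is_production_org "$url"; then
    echo "WARNING: $url looks like a production org; refusing to run agent tests" >&2
    return 2
  fi

  # The token is only ever placed in a request header, never echoed or logged.
  # Live call (disabled here so the example runs offline):
  #   curl -sS -H "Authorization: Bearer $token" "$url/services/data/"
  echo "target: $url (non-production)"
  echo "token: ${#token} characters, value not printed"
}

main "$@"
```

Note that passing the token on a curl command line still exposes it to other local processes via the argument list; the example keeps the skill's pattern but avoids printing the value anywhere.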
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 12:31 PM
Security Audit — agent-trust-hub — agentforce-test