automation-flow-generate

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFE

PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted inputs from the user and the local environment without sanitization.
  • Ingestion points: The skill ingests natural language requests from the user via the userPrompt parameter and object metadata from the local sfdx project via the inflightMetadata parameter.
  • Boundary markers: Absent. There are no instructions for the agent to use delimiters or warnings to ignore potentially malicious instructions embedded within the processed inputs.
  • Capability inventory: The skill uses the execute_metadata_action tool to perform metadata analysis and generate XML-based Salesforce Flows.
  • Sanitization: Absent. No input validation, escaping, or filtering is specified for the data passed to the tools.
  • Oversight Reduction: The instructions explicitly direct the agent to "NEVER pause or ask the user to confirm continuation" and to "not stop" until a process is complete regardless of the number of iterations, which suppresses human-in-the-loop oversight for automated operations.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 26, 2026, 12:31 PM