building-omnistudio-integration-procedure
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill is a legitimate developer tool for Salesforce OmniStudio, authored by the vendor (forcedotcom).
- [COMMAND_EXECUTION]: Uses the official Salesforce CLI (sf) for metadata deployment and querying. These are standard operations for Salesforce development and do not involve unauthorized command execution.
- [DATA_EXFILTRATION]: No evidence of unauthorized data exfiltration. The skill correctly identifies hardcoded credentials and IDs as security risks and recommends using Named Credentials and input variables.
- [PROMPT_INJECTION]: No prompt injection or behavior override patterns detected.
- [SAFE]: The architecture for handling external data within Integration Procedures includes defensive patterns such as namespacing and mandatory input validation, which mitigates indirect prompt injection risks.
Audit Metadata