creating-fix-work-item
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection risk. The skill processes external failure analysis data to generate the 'Subject' for a work item, which is then used in a shell command.
  - Ingestion points: the 'Subject' and 'OwnerId' fields are populated from failure analysis and user lookups (SKILL.md).
  - Boundary markers: includes a mandatory confirmation gate requiring the user to review values before execution (SKILL.md).
  - Capability inventory: executes shell commands using the `sf` CLI to create records (SKILL.md).
  - Sanitization: no explicit technical sanitization or escaping of input strings is mentioned before interpolation into the CLI command.
- [COMMAND_EXECUTION]: The skill generates and executes a shell command via the Salesforce CLI (`sf`). While this is a standard tool for the vendor (forcedotcom), the interpolation of potentially untrusted data into the `--values` flag without defined escaping logic presents a command injection surface.
Audit Metadata