integration-connectivity-connected-app-configure

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute Salesforce CLI (sf) commands (e.g., sf project retrieve, sf project deploy) for metadata management. It also provides curl examples for testing OAuth flows. These operations are essential and legitimate for its primary function.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it reads local metadata files (.xml) to perform security scoring and migration tasks.
      • Ingestion points: Metadata files are located using Glob and Grep and read via the Read tool in the scoring and migration workflows.
      • Boundary markers: No explicit delimiters are defined in the instructions to isolate untrusted file content from prompt instructions.
      • Capability inventory: The skill has access to the Bash tool (for command execution) and the Write/Edit tools (for file modification).
      • Sanitization: No specific sanitization or validation of the ingested XML content is mandated, though the risk is negligible given the skill's developer-focused scope and clear security guidelines.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 26, 2026, 12:31 PM
Security Audit — agent-trust-hub — integration-connectivity-connected-app-configure