investigating-agentforce-architecture

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill documents Agentforce agent architecture by querying Salesforce metadata (Flows, Apex, Prompts) via the official Salesforce CLI (sf). Analysis of the skill reveals a security-first design with multiple defensive layers:
  • [CREDENTIALS_UNSAFE]: No hardcoded credentials were found. The skill retrieves temporary access tokens via the sf CLI. Both the REST client and the CLI wrapper include automated redaction logic (using regular expressions) to ensure tokens never appear in logs, error messages, or tracebacks.
  • [EXTERNAL_DOWNLOADS]: Network operations are restricted to Salesforce's official APIs (Tooling and Data REST APIs) and metadata retrieval via the sf CLI. These are standard operations for Salesforce development tools and target well-known, trusted domains.
  • [COMMAND_EXECUTION]: Command execution is handled securely through the sf_cli.py wrapper, which uses subprocess.run with list-based arguments to prevent shell injection. All parameters are validated at the skill boundary.
  • [DATA_EXFILTRATION]: No data exfiltration patterns were detected. The skill processes metadata to generate local documentation files. It includes a custom redirect handler that strips authorization headers if a request is redirected to a different host, preventing token leakage.
  • [PROMPT_INJECTION]: The skill instructions in SKILL.md focus on pipeline orchestration and input validation. No instructions attempting to bypass AI safety guidelines or override system prompts were identified.
  • [DYNAMIC_EXECUTION]: The skill uses yaml.safe_load for parsing configuration and SOQL templates with strict substitution validation, effectively mitigating injection and dynamic execution risks.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 12, 2026, 08:43 PM