omnistudio-omniscript-generate
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell scripts that use the Salesforce CLI (sf) for org interaction. Evidence: scripts/deploy-omniscript.sh and scripts/check-duplicate-omniscript.sh. Context: These commands are standard for Salesforce metadata deployment.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.
  1. Ingestion points: Requirements such as Type and SubType provided by the user in SKILL.md.
  2. Boundary markers: No explicit delimiters are used to wrap user data.
  3. Capability inventory: Use of subprocesses via shell scripts to run Salesforce CLI commands.
  4. Sanitization: The references/element-types.md file mentions a sanitize property for Text Block elements, but no validation is described for the generated JSON fields themselves.