analyzing-omnistudio-dependencies

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Salesforce CLI ('sf') to execute SOQL queries and REST API requests against user-authorized orgs. These commands are necessary to discover components like OmniScripts, FlexCards, and Data Mappers and to extract their configuration for analysis.
  • [SAFE]: All operations are focused on Salesforce metadata analysis and visualization. The skill does not attempt to exfiltrate data to unauthorized domains, escalate privileges, or download untrusted code. The patterns detected are consistent with the primary purpose of a Salesforce developer tool.
  • [PROMPT_INJECTION]: The skill analyzes metadata (JSON) from external Salesforce orgs which constitutes an ingestion point for potentially untrusted data. 1. Ingestion points: PropertySetConfig and DataSourceConfig JSON fields from OmniProcess and OmniUiCard records. 2. Boundary markers: No explicit boundary markers or safety instructions are defined for processing the metadata. 3. Capability inventory: Uses 'sf data query' and 'sf api request' for data retrieval. 4. Sanitization: Metadata is parsed as JSON but not explicitly sanitized for embedded instructions. While this represents a surface for indirect prompt injection, the risk is negligible within the context of a metadata analysis tool targeting professional developer environments.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 02:48 PM
Security Audit — agent-trust-hub — analyzing-omnistudio-dependencies