configuring-test-provider

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the sf api request command to perform REST API calls to Salesforce. This is standard functionality for DevOps Center configuration and depends on a previously authenticated org alias.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes external data from API responses to drive subsequent actions.
      • Ingestion points: JSON output from the testProviders API call in SKILL.md.
      • Boundary markers: Not explicitly used for the tool output.
      • Capability inventory: Subsequent POST request used to configure providers in SKILL.md.
      • Sanitization: The skill relies on agent logic to extract specific fields and includes a mandatory human-in-the-loop confirmation gate in Step 2 to mitigate potential risks from malicious data.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 23, 2026, 07:40 PM