Skills
skills/forcedotcom/sf-skills/generating-flow/Gen Agent Trust Hub

generating-flow

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The instructions utilize strong imperative language (e.g., "MANDATORY", "No exceptions", "NEVER pause") to enforce a specific autonomous workflow. While this directs the agent to execute multiple tool calls without user intervention, the behavior is scoped to the generation of Salesforce metadata using the execute_metadata_action tool and does not attempt to override the underlying system's safety filters.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted user input and local project metadata to generate complex business logic (Salesforce Flows).
  • Ingestion points: User-provided natural language in userPrompt and custom object/field metadata scanned from the local project for inflightMetadata.
  • Boundary markers: There are no explicit delimiters or instructions to treat the interpolated userPrompt as data rather than instructions when passing it to the metadata actions.
  • Capability inventory: The skill uses the execute_metadata_action tool to fetch org schema, select flow elements, and generate XML metadata. It also performs repeated automated loops for element generation.
  • Sanitization: No validation or sanitization of the input content is performed before it is used to influence the generated XML logic.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 04:07 PM