integration-connectivity-connected-app-configure
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill enforces secure development practices, specifically prohibiting the commitment of consumer secrets to source control and requiring the use of specific HTTPS callback URLs instead of wildcards.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill facilitates the review of existing Salesforce metadata by scanning and reading `.connectedApp-meta.xml` and `.eca-meta.xml` files. While no malicious behavior was detected, this ingestion of local project data represents an attack surface where a compromised file could attempt to influence agent logic during the review process.
- [EXTERNAL_DOWNLOADS]: The skill provides examples for interacting with Salesforce OAuth endpoints (e.g., login.salesforce.com). These references target well-known, official services and are provided as user documentation for testing purposes.
Audit Metadata