integration-connectivity-connected-app-configure

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill enforces secure development practices, specifically prohibiting the commitment of consumer secrets to source control and requiring the use of specific HTTPS callback URLs instead of wildcards.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill facilitates the review of existing Salesforce metadata by scanning and reading .connectedApp-meta.xml and .eca-meta.xml files. While no malicious behavior was detected, this ingestion of local project data represents an attack surface where a compromised file could attempt to influence agent logic during the review process.
  • [EXTERNAL_DOWNLOADS]: The skill provides examples for interacting with Salesforce OAuth endpoints (e.g., login.salesforce.com). These references target well-known, official services and are provided as user documentation for testing purposes.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 26, 2026, 12:50 PM