investigating-agentforce-architecture
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `sf` CLI to query Salesforce metadata. Command execution is performed via `subprocess.run` using structured YAML recipes. All user-supplied inputs (org alias, agent API name, version) are regex-validated by a dedicated safety guard (`scripts/_shared/fs_guard.py`) to prevent shell injection.
- [CREDENTIALS_UNSAFE]: The skill implements robust credential handling. A central REST client (`scripts/rest_client.py`) automatically redacts Salesforce access tokens from error messages and logs. It also includes a custom redirect handler that strips Authorization headers when crossing host boundaries.
- [SAFE]: Analysis found no evidence of prompt injection, data exfiltration to unauthorized domains, or persistence mechanisms. The skill operates within restricted local data and cache directories (`~/.vibe/data` and `~/.vibe/cache`).
Audit Metadata