omnistudio-omniscript-generate

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of processing external data to generate executable Salesforce metadata.
      • Ingestion points: The skill processes user-provided business requirements and Salesforce metadata retrieved via sf data query (referenced in SKILL.md and scripts/cli-reference.sh).
      • Boundary markers: No specific boundary markers or instructions to ignore embedded instructions are defined for the input data processing phases in SKILL.md.
      • Capability inventory: The skill utilizes sf data query, sf project deploy, and sf data delete (found in scripts/deploy-omniscript.sh and scripts/cli-reference.sh) which allow for reading from and writing to Salesforce environments.
      • Sanitization: There are no explicit sanitization or validation routines for the ingested data before it is incorporated into the generated PropertySetConfig JSON assets.
  • [COMMAND_EXECUTION]: The skill includes shell scripts (scripts/check-duplicate-omniscript.sh, scripts/deploy-omniscript.sh) and a CLI reference (scripts/cli-reference.sh) that execute Salesforce CLI (sf) commands. These operations are standard for Salesforce metadata development and utilize the vendor's official command-line interface tools.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Jun 26, 2026, 01:16 PM