omnistudio-omniscript-generate
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of processing external data to generate executable Salesforce metadata.
  - Ingestion points: The skill processes user-provided business requirements and Salesforce metadata retrieved via `sf data query` (referenced in `SKILL.md` and `scripts/cli-reference.sh`).
  - Boundary markers: No specific boundary markers or instructions to ignore embedded instructions are defined for the input data processing phases in `SKILL.md`.
  - Capability inventory: The skill utilizes `sf data query`, `sf project deploy`, and `sf data delete` (found in `scripts/deploy-omniscript.sh` and `scripts/cli-reference.sh`), which allow for reading from and writing to Salesforce environments.
  - Sanitization: There are no explicit sanitization or validation routines for the ingested data before it is incorporated into the generated PropertySetConfig JSON assets.
- [COMMAND_EXECUTION]: The skill includes shell scripts (`scripts/check-duplicate-omniscript.sh`, `scripts/deploy-omniscript.sh`) and a CLI reference (`scripts/cli-reference.sh`) that execute Salesforce CLI (`sf`) commands. These operations are standard for Salesforce metadata development and utilize the vendor's official command-line interface tools.
Audit Metadata