platform-agentsetup-categories-fetch

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE]: The skill fetches metadata from a Salesforce organization. While this involves reading org-specific data, it uses the official Salesforce CLI (sf api request rest) and requires the user to have previously authenticated via sf org login. This is standard administrative behavior and does not represent unauthorized data exposure.
  • [COMMAND_EXECUTION]: The skill uses sf org display and sf api request rest. These are safe, well-known commands for Salesforce development and administration. No arbitrary command execution or shell injection vulnerabilities were detected.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests data from a Salesforce API (category labels and prompt text).
      • Ingestion points: API response parsing in SKILL.md (Step 3).
      • Boundary markers: None explicitly defined in the prompt instructions.
      • Capability inventory: Limited to Bash (SF CLI) and Read (local files).
      • Sanitization: No explicit sanitization of the fetched text is performed before presentation.
      • Assessment: While the fetched data (specifically the text field in PromptRepresentation) could theoretically contain instructions, the skill's restricted toolset and the fact that the data source is the user's own Salesforce environment make the risk negligible.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 26, 2026, 03:27 PM
Security Audit — agent-trust-hub — platform-agentsetup-categories-fetch