platform-agentsetup-categories-fetch
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill fetches metadata from a Salesforce organization. While this involves reading org-specific data, it uses the official Salesforce CLI (`sf api request rest`) and requires the user to have previously authenticated via `sf org login`. This is standard administrative behavior and does not represent unauthorized data exposure.
- [COMMAND_EXECUTION]: The skill uses `sf org display` and `sf api request rest`. These are safe, well-known commands for Salesforce development and administration. No arbitrary command execution or shell injection vulnerabilities were detected.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests data from a Salesforce API (category labels and prompt text).
  - Ingestion points: API response parsing in `SKILL.md` (Step 3).
  - Boundary markers: None explicitly defined in the prompt instructions.
  - Capability inventory: Limited to `Bash` (SF CLI) and `Read` (local files).
  - Sanitization: No explicit sanitization of the fetched text is performed before presentation.
  - Assessment: While the fetched data (specifically the `text` field in `PromptRepresentation`) could theoretically contain instructions, the skill's restricted toolset and the fact that the data source is the user's own Salesforce environment make the risk negligible.
Audit Metadata