testing-agentforce
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill orchestrates the Salesforce CLI (sf) to manage agent preview sessions, deploy test metadata, and retrieve execution results (SKILL.md, references/preview-testing.md, references/batch-testing.md).
- [CREDENTIALS_UNSAFE]: Programmatically retrieves Salesforce access tokens using sf org display and passes them to curl for authenticated API requests against Salesforce service endpoints. This represents normal vendor functionality for local testing and debugging (references/action-execution.md).
- [PROMPT_INJECTION]: Contains explicit instructions and YAML specifications with adversarial test payloads (e.g., requests to reveal system instructions or bypass safety filters). These are used as negative test cases to validate the safety guardrails of other AI agents (assets/guardrail-test-spec.yaml, references/preview-testing.md).
- [DATA_EXFILTRATION]: Performs network requests via curl to communicate with Salesforce-owned domains (e.g., *.salesforce.com) to execute and verify agent actions as part of the testing process (references/action-execution.md).
- [COMMAND_EXECUTION]: Employs inline Python scripts (python3 -c) to sanitize CLI output and process JSON data safely, specifically addressing control characters in shell responses (SKILL.md, references/troubleshooting.md).
- [PROMPT_INJECTION]: Presents a surface for indirect prompt injection by processing external agent definitions and test specifications to derive test cases.
  1. Ingestion points: .agent files and YAML test specification files (SKILL.md)
  2. Boundary markers: Absent
  3. Capability inventory: Subprocess execution via sf CLI, network requests via curl, and dynamic script execution via python3
  4. Sanitization: Absent

  This surface is consistent with the skill's purpose as a configuration-driven testing utility.