sf-ai-agentforce-observability

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run in scripts/auth.py to call the Salesforce CLI (sf) to fetch organization metadata. This is standard behavior for Salesforce automation tools and is implemented using secure argument lists rather than shell execution to prevent command injection.
  • [DATA_EXPOSURE]: To facilitate authentication, the skill accesses private RSA keys from the standard Salesforce CLI directory (~/.sf/jwt/). This access is localized and used solely for signing JWT assertions required for Data Cloud API connectivity, following standard Salesforce development practices.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external telemetry and message data retrieved from Salesforce APIs. While this is the intended function for observability, it inherently means the agent processes data that could contain malicious instructions if the source telemetry was tampered with.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 05:17 PM