sf-catalog

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection surface identified.\n- Ingestion points: The skill instructs the agent to use WebSearch and WebFetch tools to retrieve live documentation in SKILL.md.\n- Boundary markers: The instructions do not include markers or warnings to disregard potential instructions embedded in the external content.\n- Capability inventory: The agent has access to Bash, Write, Edit, Read, Grep, and Glob tools.\n- Sanitization: No sanitization or validation of the fetched documentation is specified.- [SAFE]: No malicious command execution, data exfiltration, or obfuscation patterns were detected. The skill's behavior aligns with its stated purpose of managing Salesforce product data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 02:51 PM
Security Audit — agent-trust-hub — sf-catalog