sf-integrations

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill instructs the agent to use WebSearch and WebFetch to retrieve live documentation and implementation guides from the internet (specifically referencing developer.salesforce.com and broad search queries). This creates an ingestion surface for indirect prompt injection, where malicious or misleading content on retrieved pages could attempt to influence the agent's logic or generated code.
  • Ingestion points: External data enters the context via WebSearch and WebFetch tools as instructed in the 'Before Writing Code' section of SKILL.md.
  • Boundary markers: The instructions lack delimiters or explicit warnings to the agent to ignore potentially malicious instructions embedded in the fetched content.
  • Capability inventory: The skill's environment allows the use of Bash, Write, and Edit tools, which increases the potential impact if the agent is successfully manipulated by external data.
  • Sanitization: There are no instructions for the agent to sanitize or validate the integrity of the information retrieved from external searches.
  • [EXTERNAL_DOWNLOADS]: The skill performs network operations to fetch configuration and developer documentation from Salesforce's official developer portal. This is a well-known service, and the operations are consistent with the skill's stated purpose of building platform-specific integrations.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 02:51 PM
Security Audit — agent-trust-hub — sf-integrations