sf-integrations
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to use
WebSearchandWebFetchto retrieve live documentation and implementation guides from the internet (specifically referencingdeveloper.salesforce.comand broad search queries). This creates an ingestion surface for indirect prompt injection, where malicious or misleading content on retrieved pages could attempt to influence the agent's logic or generated code. - Ingestion points: External data enters the context via
WebSearchandWebFetchtools as instructed in the 'Before Writing Code' section ofSKILL.md. - Boundary markers: The instructions lack delimiters or explicit warnings to the agent to ignore potentially malicious instructions embedded in the fetched content.
- Capability inventory: The skill's environment allows the use of
Bash,Write, andEdittools, which increases the potential impact if the agent is successfully manipulated by external data. - Sanitization: There are no instructions for the agent to sanitize or validate the integrity of the information retrieved from external searches.
- [EXTERNAL_DOWNLOADS]: The skill performs network operations to fetch configuration and developer documentation from Salesforce's official developer portal. This is a well-known service, and the operations are consistent with the skill's stated purpose of building platform-specific integrations.
Audit Metadata