sf-security

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructs the agent to dynamically retrieve external content, creating a surface for indirect prompt injection.
  • Ingestion points: The skill explicitly directs the agent in SKILL.md to use WebSearch for security guides (e.g., "Salesforce SLAS OAuth 2.1 security guide 2026") and WebFetch to retrieve official documentation.
  • Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish between the fetched external documentation and its own internal instructions, nor are there warnings to ignore potentially malicious embedded instructions in the retrieved text.
  • Capability inventory: The skill's environment grants access to high-privilege tools such as Bash, Write, and Edit, which could be misused if the agent inadvertently follows instructions hidden in the fetched documentation.
  • Sanitization: No sanitization, validation, or filtering of the content retrieved from external URLs is mentioned or required before the agent processes it.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 02:50 PM
Security Audit — agent-trust-hub — sf-security