sf-testing

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it encourages the agent to retrieve and process external information via WebSearch and WebFetch without safety boundaries. \n
  • Ingestion points: SKILL.md (steps to fetch live documentation and LWC guides). \n
  • Boundary markers: Absent. The instructions do not specify how to distinguish between trusted instructions and untrusted data from the web. \n
  • Capability inventory: Bash, Write, Edit, Grep, Glob (as defined in allowed-tools in SKILL.md). \n
  • Sanitization: Absent. No sanitization or validation logic is described for the content retrieved from external URLs.\n- [COMMAND_EXECUTION]: The skill contains multiple shell command templates for the Salesforce CLI (sf) and sfcc-ci, intended to be run using the Bash tool for project deployment and test execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 02:51 PM
Security Audit — agent-trust-hub — sf-testing