sf-testing
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it encourages the agent to retrieve and process external information via WebSearch and WebFetch without safety boundaries. \n
- Ingestion points: SKILL.md (steps to fetch live documentation and LWC guides). \n
- Boundary markers: Absent. The instructions do not specify how to distinguish between trusted instructions and untrusted data from the web. \n
- Capability inventory: Bash, Write, Edit, Grep, Glob (as defined in allowed-tools in SKILL.md). \n
- Sanitization: Absent. No sanitization or validation logic is described for the content retrieved from external URLs.\n- [COMMAND_EXECUTION]: The skill contains multiple shell command templates for the Salesforce CLI (sf) and sfcc-ci, intended to be run using the Bash tool for project deployment and test execution.
Audit Metadata