agentforce-generate
Pass
Audited by Gen Agent Trust Hub on Jul 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Salesforce CLI (sf) to perform operations such as querying organization metadata, deploying project source code, and managing agent bundles. This is the primary mechanism for interacting with the Salesforce environment.
- [PROMPT_INJECTION]: The skill includes instructions to optimize workflow efficiency by reducing human oversight. Specifically, 'Rule 5: Don't stall' directs the agent to automatically proceed to the next step in a sequence unless it hits a predefined approval gate. This increases the agent's autonomy when executing high-privilege commands.
- [PROMPT_INJECTION]: The skill provides detailed guidance and specific instructions for hardening generated agents against prompt injection and jailbreaking, instructing them to disregard user attempts to override system rules or reveal configuration details.
- [SAFE]: The skill generates and deploys Apex source code at runtime using standard Salesforce CLI templating and deployment tools. This dynamic execution surface is documented as the intended functional purpose for assisting developers with code authoring.
Audit Metadata