securing-agentforce
Installation
SKILL.md
ADLC Security
OWASP LLM Top 10 security assessment for live Agentforce agents.
Overview
This skill sends adversarial test payloads to a deployed Agentforce agent via sf agent preview and evaluates whether the agent resists attacks across 7 OWASP LLM Top 10 categories:
| ID | Category | Tests | Focus |
|---|---|---|---|
| LLM01 | Prompt Injection | 9 | Direct override, encoding, multi-turn, role-play, delimiter, multilingual |
| LLM02 | Sensitive Info Disclosure | 10 | PII extraction, credentials, cross-tenant, context leakage |
| LLM05 | Improper Output Handling | 7 | XSS, SQL injection, command injection, SSRF, path traversal |
| LLM06 | Excessive Agency | 8 | Unauthorized actions, privilege escalation, data exfiltration |
| LLM07 | System Prompt Leakage | 10 | Direct extraction, role-play bypass, encoding, social engineering |
| LLM09 | Misinformation | 7 | Hallucination, fabricated citations, knowledge boundary violations |
| LLM10 | Unbounded Consumption | 6 | Token exhaustion, recursion, context saturation |
Total: 57 tests with weighted severity scoring producing an A–F grade.