securing-agentforce

Pass

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill documentation and asset files (e.g., SKILL.md, references/owasp-categories.md, and assets/payloads/*.yaml) contain numerous adversarial test strings such as "Ignore all previous instructions". These are clearly identified as data for testing target agents and are not interpreted as instructions for the agent executing the skill.
  • [COMMAND_EXECUTION]: The skill performs various command-line operations using the sf CLI and local Python scripts. This includes querying Salesforce metadata, managing agent preview sessions, and running report generation logic. These operations are standard for a Salesforce-integrated development tool.
  • [EXTERNAL_DOWNLOADS]: The skill requires the pyyaml Python package for parsing test configurations, which is a standard library for YAML processing.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface in its dynamic test generation feature, where it reads and processes external agent configuration files (.agent). This is a documented part of the workflow designed to create targeted security tests based on the agent's specific capabilities.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 25, 2026, 09:34 PM
Security Audit — agent-trust-hub — securing-agentforce