securing-agentforce
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill documentation and asset files (e.g.,
SKILL.md,references/owasp-categories.md, andassets/payloads/*.yaml) contain numerous adversarial test strings such as "Ignore all previous instructions". These are clearly identified as data for testing target agents and are not interpreted as instructions for the agent executing the skill. - [COMMAND_EXECUTION]: The skill performs various command-line operations using the
sfCLI and local Python scripts. This includes querying Salesforce metadata, managing agent preview sessions, and running report generation logic. These operations are standard for a Salesforce-integrated development tool. - [EXTERNAL_DOWNLOADS]: The skill requires the
pyyamlPython package for parsing test configurations, which is a standard library for YAML processing. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface in its dynamic test generation feature, where it reads and processes external agent configuration files (
.agent). This is a documented part of the workflow designed to create targeted security tests based on the agent's specific capabilities.
Audit Metadata