salesforce
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Categories: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill instructs the agent to help the user store their Salesforce username, password, and security token in cleartext inside the ~/.zshrc file. This practice creates a persistent security risk as credentials stored in shell profiles are readable by any local process and can be accidentally exposed via backups or logs.
- [COMMAND_EXECUTION] (MEDIUM): The skill relies on executing Python logic through 'python3 -c' shell commands. This pattern is susceptible to command injection if the agent interpolates unsanitized user input into the code strings.
- [EXTERNAL_DOWNLOADS] (LOW): The skill installs the 'simple-salesforce' library from PyPI and suggests system-level installations using sudo apt-get, which introduces external dependencies.
- [Indirect Prompt Injection] (LOW): The skill processes data from Salesforce (Accounts, Contacts, etc.), which is an untrusted external source. Evidence:
  1. Ingestion points: Salesforce record data fetched via sf.query (SKILL.md).
  2. Boundary markers: Absent; instructions focus on formatting rather than isolating external content.
  3. Capability inventory: Command execution via python3.
  4. Sanitization: Absent.
Recommendations
- AI detected serious security threats