sf-ai-agentforce-grid
Warn
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The helper scripts scripts/grid_api_request.mjs, scripts/grid_smoke_test.mjs, and scripts/worksheet_to_rows.mjs utilize child_process.execSync to run Salesforce CLI commands. These scripts concatenate the targetOrg command-line argument directly into the execution string without sanitization or escaping. This pattern allows for shell command injection if an agent or user provides a malicious string as the target organization alias.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted data from external sources.
  1. Ingestion points: Salesforce record fields (e.g., Contact Name, Account Name, Opportunity Name) are fetched via Object and Reference columns.
  2. Boundary markers: None; external data is directly interpolated into prompts using simple placeholders.
  3. Capability inventory: The skill can execute shell commands via the sf CLI and perform network operations to Salesforce instances.
  4. Sanitization: No validation or escaping is performed on the Salesforce data before interpolation into the AI's instructional context.