observing-agentforce
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill provides a robust framework for monitoring and improving Salesforce agents using standard platform tools and following established development practices. No malicious code or exfiltration patterns were identified.\n- [COMMAND_EXECUTION]: The skill uses shell commands to interact with the Salesforce CLI (sf) for metadata management and data retrieval. These operations are scoped to the user's project directory and authorized Salesforce orgs.\n- [COMMAND_EXECUTION]: The skill generates and executes Apex code snippets via sf apex run to interact with its deployed service class. This is an intended mechanism for extending CLI capabilities into the Salesforce runtime and includes proper escaping for query parameters.\n- [SAFE]: The skill accesses and processes conversation logs and session telemetry. All data handling is performed locally within the project's temporary directories or the authorized Salesforce environment, with no transmission to unauthorized external domains.\n- [PROMPT_INJECTION]: The skill processes untrusted historical conversation data to identify agent failures, which represents an indirect prompt injection surface. However, the risk is minimal given the technical nature of the task and the lack of exploitable automated actions based on the content.\n
- Ingestion points: Conversational text retrieved from ssot__AiAgentInteractionMessage__dlm via the AgentforceOptimizeService class.\n
- Boundary markers: None explicitly used during the automated classification of trace data.\n
- Capability inventory: Metadata deployment (sf project deploy), command execution (sf apex run), and file modification (Edit tool).\n
- Sanitization: SQL/SOQL parameters are sanitized using String.escapeSingleQuotes() in the Apex service layer.
Audit Metadata