testing-agentforce
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill facilitates automated testing of Salesforce agents using the official Salesforce CLI (`sf`), `jq`, and `python3`. These are standard tools for Salesforce development.
- [SAFE]: Documentation and asset files (`assets/guardrail-test-spec.yaml`, `references/preview-testing.md`) contain examples of prompt injection and system prompt extraction. These are explicitly labeled as 'safety probes' and 'adversarial utterances' for the purpose of testing the agent's guardrails, which aligns with the skill's primary function.
- [SAFE]: Credentials and session tokens are managed locally via `sf org display`, which is a secure and standard practice for Salesforce CLI-based tooling.
- [SAFE]: The skill incorporates safety checks, including warnings when running actions against production environments and guidance on avoiding the use of real PII in test data.
- [SAFE]: Python scripts used within the skill are limited to parsing JSON and cleaning control characters from CLI output, with no evidence of dynamic code execution from untrusted sources.
Audit Metadata