sf-ai-agentforce-grid
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Node.js scripts to automate the Salesforce CLI (sf). It implements security controls by validating target org aliases against a restrictive regular expression and using argument arrays with spawnSync to avoid shell injection vulnerabilities.
- [SAFE]: The skill includes a robust handling pattern for untrusted content. It uses a wrapUntrustedGridData utility to add metadata to data retrieved from Salesforce, which instructs the agent to treat it as data rather than instructions. No signs of malicious obfuscation, unauthorized data exfiltration, or hardcoded credentials were detected.
Audit Metadata