sf-ai-agentforce-observability
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local commands via subprocess.run to interact with the Salesforce CLI (sf org display). This is used solely for discovering org metadata such as instance URLs and usernames to facilitate authentication.
- [EXTERNAL_DOWNLOADS]: Telemetry data is retrieved from official Salesforce Data Cloud API endpoints (login.salesforce.com, test.salesforce.com, and instance-specific hostnames). These are well-known, trusted service domains.
- [CREDENTIALS_UNSAFE]: While the skill manages authentication credentials, it does so using a standard JWT Bearer flow. It provides instructions for users to generate their own RSA keys and store them in a secure local directory (~/.sf/jwt/). No hardcoded secrets or sensitive credential exposure patterns were found.