sf-data

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on executing Salesforce CLI (sf) commands to perform all remote data operations (queries, inserts, deletes). This is the intended behavior for interacting with Salesforce environments.
  • [COMMAND_EXECUTION]: The skill generates anonymous Apex scripts based on templates and executes them using sf apex run. This allows for complex data setup and cleanup but involves runtime code execution via the local shell.
  • [PROMPT_INJECTION]: The skill processes untrusted external data sources such as CSV and JSON files, which are then used in DML operations and SOQL queries, representing an indirect prompt injection surface.
      • Ingestion points: Data is read from files in assets/csv/, assets/json/, and assets/soql/ during runtime operations to populate Salesforce records.
      • Boundary markers: Absent. The skill processes these files as data structures without explicit delimiters or instructions to ignore embedded commands.
      • Capability inventory: The skill has access to sf data query, sf data import, and sf apex run, which provide substantial read/write/execute access to the target Salesforce organization.
      • Sanitization: Validation hooks exist (hooks/scripts/post-write-validate.py) which provide scoring and advisory feedback on query efficiency and bulk safety, though they do not strictly sanitize data content for adversarial injection patterns.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 02:29 PM