sf-ai-agentforce-grid
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Node.js scripts to automate Salesforce CLI (sf) operations via child_process.spawnSync.
  - Evidence: Found in scripts/grid_rest_utils.mjs and used by scripts/grid_api_request.mjs, scripts/grid_smoke_test.mjs, and scripts/worksheet_to_rows.mjs.
  - Mitigations: The scripts implement validation for target org aliases (SAFE_TARGET_ORG_RE) and API paths (ensureGridPath) to prevent command injection. It also uses temporary files to pass JSON bodies, avoiding shell quoting issues.
- [PROMPT_INJECTION]: The skill identifies and mitigates the risk of indirect prompt injection from data retrieved from Salesforce orgs.
  - Ingestion points: Data is ingested from Salesforce worksheets and workbook metadata via the sf api request rest command in scripts/worksheet_to_rows.mjs.
  - Boundary markers: SKILL.md contains a 'Prompt Injection Guardrails' section. Additionally, the wrapUntrustedGridData function in scripts/grid_rest_utils.mjs wraps API responses in a trustBoundary object with explicit handling instructions for the agent.
  - Capability inventory: The skill can perform network requests and data modifications within the Salesforce environment through the authenticated sf CLI.
  - Sanitization: The sanitizeForAgent function in scripts/grid_rest_utils.mjs filters control characters and truncates long strings to manage the data context safely.
Audit Metadata