sf-ai-agentforce-testing

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security risks were identified during the analysis of the 58 files comprising this skill.
  • [COMMAND_EXECUTION]: The skill uses Python's subprocess.run to invoke the standard Salesforce sf CLI and to run commands in the user's Python environment. These calls are core to the skill's purpose of orchestrating agent tests and are restricted to legitimate tooling commands.
  • [PROMPT_INJECTION]: Deterministic detectors flagged instruction-override and system-prompt-extraction patterns. On manual review these turned out to be legitimate test utterances (e.g., 'Ignore all previous instructions') written to validate the guardrails of the agents under test, not injections aimed at the testing agent itself.
  • [CREDENTIALS_UNSAFE]: The skill manages credentials for Salesforce External Client Apps (ECAs) through a dedicated manager script. It follows security best practice by enforcing restricted Unix permissions (0700 on the ~/.sfagent/ directory, 0600 on the files it holds) and by injecting secrets into the runtime through environment variables rather than command-line arguments or logs, so they are not exposed in process listings or log output.
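The credential-handling pattern described in the CREDENTIALS_UNSAFE finding, shown as an added example (not the skill's own manager script): a 0700 directory, files created 0600 from the start, an ownership and mode check before a secret is read, injection into a child process via its environment only, and redaction of the secret before anything is logged. The directory name ~/.sfagent/ comes from the finding; the file name, the SF_CLIENT_SECRET variable name and the sample secret are assumptions made for the example.

```python
"""Added example of the 0700/0600 + environment-injection pattern.
Not the skill's code: paths, the env var name and the sample value are assumed."""
import os
import stat
import subprocess
import sys
import tempfile
from pathlib import Path

DEFAULT_DIR = Path.home() / ".sfagent"   # directory named in the audit finding
ENV_VAR = "SF_CLIENT_SECRET"             # hypothetical variable name for the injected secret


def ensure_store(base: Path = DEFAULT_DIR) -> Path:
    """Create the store as 0700; chmod afterwards because mkdir's mode is masked by umask."""
    base.mkdir(mode=0o700, parents=True, exist_ok=True)
    os.chmod(base, 0o700)
    return base


def write_secret(name: str, value: str, base: Path = DEFAULT_DIR) -> Path:
    """Create the file with 0600 in the open() call so there is no window where it is world-readable."""
    path = ensure_store(base) / name
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(value)
    os.chmod(path, 0o600)   # tighten an existing file that may have been created looser
    return path


def check_private(path: Path) -> None:
    """Refuse a symlink, a file not owned by us, or anything group/other can reach (ssh's rule for keys)."""
    st = path.lstat()
    if stat.S_ISLNK(st.st_mode):
        raise PermissionError(f"{path} is a symlink")
    if st.st_uid != os.getuid():
        raise PermissionError(f"{path} is not owned by the current user")
    if st.st_mode & 0o077:
        raise PermissionError(f"{path} has mode {stat.S_IMODE(st.st_mode):04o}; group/other bits must be 0")


def read_secret(name: str, base: Path = DEFAULT_DIR) -> str:
    """Check the directory and the file before trusting either."""
    check_private(base)
    path = base / name
    check_private(path)
    return path.read_text()


def child_env(name: str, base: Path = DEFAULT_DIR) -> dict:
    """Parent environment plus the secret under ENV_VAR; the secret never appears in argv."""
    env = dict(os.environ)
    env[ENV_VAR] = read_secret(name, base)
    return env


def redact(line: str, secret: str) -> str:
    """Mask the secret before a line reaches a log."""
    return line.replace(secret, "[REDACTED]") if secret else line


def run_with_secret(argv: list, name: str, base: Path = DEFAULT_DIR) -> subprocess.CompletedProcess:
    """Run argv as a list (no shell) with the secret available only through the environment."""
    return subprocess.run(argv, env=child_env(name, base), capture_output=True, text=True, check=False)


def demo() -> dict:
    """Exercise the store in a throwaway directory with a constructed secret and report what happened."""
    base = Path(tempfile.mkdtemp())
    secret = "constructed-client-secret-123"   # constructed sample value, not a real credential
    path = write_secret("client.secret", secret, base)
    result = {
        "dir_mode": stat.S_IMODE(base.stat().st_mode),
        "file_mode": stat.S_IMODE(path.stat().st_mode),
        "roundtrip": read_secret("client.secret", base) == secret,
    }
    # Child reads the secret from its environment; nothing secret is on its command line.
    proc = run_with_secret([sys.executable, "-c", f"import os; print(os.environ['{ENV_VAR}'])"],
                           "client.secret", base)
    result["child_saw_secret"] = proc.stdout.strip() == secret
    result["log_line"] = redact(f"started child with {ENV_VAR}={secret}", secret)
    os.chmod(path, 0o644)   # simulate a file that was loosened after creation
    try:
        read_secret("client.secret", base)
        result["rejected_loose_file"] = False
    except PermissionError:
        result["rejected_loose_file"] = True
    return result


if __name__ == "__main__":
    print(demo())
```

The check before every read is the part most often skipped: setting 0600 once at creation says nothing about the file's mode today, so a loader that does not re-verify ownership and mode will happily hand a secret from a world-readable file to the tooling.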
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 05:17 PM