sf-data
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill ingests external data which could contain malicious instructions designed to influence agent behavior.
  - Ingestion points: The skill processes user-supplied SOQL queries and data files from the assets/csv/ and assets/json/ directories.
  - Boundary markers: Absent; the instructions do not explicitly tell the agent to ignore natural language commands found within the data fields.
  - Capability inventory: The skill can execute arbitrary Apex code via sf apex run, perform bulk data imports/deletions, and execute SOQL queries against a remote org.
  - Sanitization: A Python validator (hooks/scripts/soql_validator.py) is used to check SOQL syntax and efficiency, but no dedicated sanitization exists for natural language instructions in data.
- [SAFE]: Analysis of SKILL.md and all 49 referenced files found no evidence of direct prompt injection, obfuscation, or malicious persistence mechanisms.
- [SAFE]: No hardcoded credentials or sensitive data exfiltration patterns were detected. Placeholders (e.g., '001XXXXXXXXXXXX') and example domains (e.g., 'example.com') are used for all test data templates.