sf-datamapper
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various Salesforce CLI (sf) commands to interact with Salesforce environments, including querying records, retrieving metadata, and deploying project files. These operations are core to the skill's purpose of managing OmniStudio components.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing external data sources such as existing Salesforce metadata and query results. This data is used to inform the agent's validation and generation logic.
- Ingestion points: Metadata from local OmniDataTransform files and results from sf data query commands.
- Boundary markers: Lacks explicit markers to separate untrusted metadata content from system instructions.
- Capability inventory: The skill can modify environment state using sf project deploy and sf api request commands.
- Sanitization: There are no documented procedures for sanitizing or escaping the content of processed metadata files before they are interpreted by the agent.
Audit Metadata