sf-debug
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Salesforce CLI (`sf`) to list, retrieve, and tail debug logs, and to manage Salesforce records for cleanup purposes. It includes shell scripts for automation that utilize standard utilities like `jq` and `rg` to process CLI output.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its primary function is to ingest and analyze Salesforce debug logs, which are external data sources that could be influenced by an attacker.
  - Ingestion points: Debug logs are retrieved from Salesforce orgs via `sf apex get log` and `sf apex tail log` as documented in `SKILL.md` and `references/cli-commands.md`.
  - Boundary markers: The instructions do not define delimiters or specific 'ignore' patterns to separate log content from agent instructions.
  - Capability inventory: The skill has the capability to execute shell commands and interact with Salesforce orgs, which could be abused if malicious instructions in a log file were followed.
  - Sanitization: There is no evidence of log content sanitization or validation before processing.