sf-omniscript
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the Salesforce CLI (sf) for querying Salesforce org data and deploying metadata (e.g., sf project deploy, sf data query). These commands are standard for Salesforce development workflows and target environments specified by the user.
- [EXTERNAL_DOWNLOADS]: Documentation and community resource links reference well-known and trusted domains such as help.salesforce.com, developer.salesforce.com, trailhead.salesforce.com, unofficialsf.com, and salesforceben.com. These are established sources for Salesforce technical guidance.
- [PROMPT_INJECTION]: The skill converts user-provided business requirements into structured JSON metadata, creating a surface for indirect prompt injection. 1. Ingestion points: User-provided requirements for OmniScript Type, SubType, and design logic defined in SKILL.md. 2. Boundary markers: Absent in the provided templates for requirement interpolation. 3. Capability inventory: Potential for command execution via Salesforce CLI subprocesses as suggested in SKILL.md. 4. Sanitization: While the skill mandates internal OmniScript validation (formulas and regex), no explicit sanitization of initial requirements before JSON generation is present.
Audit Metadata