salesforce
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the `sf` (Salesforce CLI) binary to execute operations including data management, authentication, and system diagnostics.
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the official `@salesforce/cli` package from the npm registry. Salesforce is a well-known and trusted service provider.
- [DATA_EXFILTRATION]: The skill facilitates the retrieval, export, and display of sensitive Salesforce CRM data, such as access tokens, customer records, and system metadata. This is normal behavior for a CRM tool.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes data retrieved from Salesforce orgs which could contain malicious instructions.
  1. Ingestion points: Results from `sf data query` and `sf data search`.
  2. Boundary markers: Absent.
  3. Capability inventory: Subprocess execution of `sf` commands, file writing via `--output-file`, and authenticated network requests via `sf api request`.
  4. Sanitization: Absent.
Audit Metadata