salesforce-common-errors
Fail
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: HIGH
DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill contains a bash command, `echo "Password format: ${SF_PASSWORD}${SF_SECURITY_TOKEN}"`, which prints the values of sensitive environment variables to the standard output. This action exposes authentication credentials in the agent's interaction logs and transcript.
- [EXTERNAL_DOWNLOADS]: The skill uses `curl` to fetch instance status from `api.status.salesforce.com`. This is a legitimate request to a well-known service associated with the skill's primary purpose.
- [COMMAND_EXECUTION]: The instructions utilize the Salesforce CLI (`sf`) to display organization limits and retrieve system logs. These operations are standard diagnostic tasks for the platform.
- [PROMPT_INJECTION]: The skill ingests untrusted data from API error responses and system logs during diagnostic steps. This represents a surface for indirect prompt injection where malicious instructions could be embedded in the external data processed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata