skills/jeremylongshore/claude-code-plugins-plus-skills/salesforce-core-workflow-b/Gen Agent Trust Hub
salesforce-core-workflow-b
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool with a scope restricted to npm commands to facilitate the management of the jsforce library, which is necessary for the Salesforce API interactions described.
- [DATA_EXPOSURE]: The instructions provide methods for reading data from local CSV files and transmitting it to Salesforce. While this involves processing local user data, it is the primary intended function of the skill and does not involve sensitive system files or unauthorized exfiltration.
- [EXTERNAL_DOWNLOADS]: The skill relies on the jsforce package, a well-known third-party library for Salesforce connectivity. This dependency is managed via the standard npm registry.
- [PROMPT_INJECTION]: The skill ingests data from external sources (CSV files), creating a potential surface for indirect prompt injection.
  - Ingestion points: Data enters the agent's context through CSV file reading (contacts-import.csv) and string interpolation.
  - Boundary markers: The provided code snippets do not include explicit markers or instructions to isolate or ignore potentially malicious content within the CSV data.
  - Capability inventory: The skill has the capability to read local files and execute network requests to Salesforce APIs.
  - Sanitization: No input validation or sanitization logic is shown for the data being processed.