salesforce-enterprise-rbac

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill contains well-documented procedures for Salesforce Enterprise RBAC configuration, including Profiles, Permission Sets, and Sharing Rules. The TypeScript snippets provided are standard for Salesforce integration tasks and do not contain hardcoded credentials or malicious commands.
  • [PROMPT_INJECTION]: While no active injection was found, the skill's design creates a surface for indirect prompt injection by processing external data from a CRM environment.
    • Ingestion points: The skill retrieves Salesforce metadata and user records through SOQL queries (e.g., fetching Profiles and PermissionSetAssignments in SKILL.md).
    • Boundary markers: There are no explicit delimiters or boundary markers used in the code templates to separate external data from agent instructions.
    • Capability inventory: The skill is permitted to use Read, Write, and Edit tools, which allows for record modification based on processed data.
    • Sanitization: The provided code examples do not include sanitization or validation of the data retrieved from the Salesforce API.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 25, 2026, 04:42 PM