salesforce-webhooks-events

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill demonstrates proper security hygiene by using environment variables (e.g., SF_PASSWORD, SF_SECURITY_TOKEN, REDIS_URL) for managing sensitive credentials and connection strings rather than hardcoding them.
  • [PROMPT_INJECTION]: The skill facilitates the ingestion of external data from Salesforce through Platform Events, Change Data Capture (CDC), and SOAP-based Outbound Messages, which represents a surface for potential indirect prompt injection.
      1. Ingestion points: Event subscriptions in SKILL.md (Step 1, 2) and an Express.js POST endpoint for webhooks in SKILL.md (Step 3).
      2. Boundary markers: No explicit delimiters or boundary markers are utilized in the provided code snippets to isolate untrusted external content.
      3. Capability inventory: The skill utilizes the jsforce library for Salesforce API access and ioredis for interacting with a Redis database.
      4. Sanitization: Input processing is limited to XML/JSON parsing; no specific sanitization or filtering of the incoming data payload is implemented before potential use in agent prompts.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 25, 2026, 04:42 PM