salesforce
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill provides detailed instructions for building autonomous AI agents (Agentforce). While this creates an inherent attack surface for indirect prompt injection via ingested data, the skill explicitly provides security mitigations including the 'Einstein Trust Layer' (data masking, toxicity detection) and 'Guardrails' (hard constraints on agent actions).
  - Ingestion points: Data Cloud, Knowledge Base, and External Systems via MuleSoft.
  - Boundary markers: Einstein Trust Layer and Agentforce Guardrails.
  - Capability inventory: Subprocess calls (via Apex Invocable Methods), DML operations, and network callouts.
  - Sanitization: Einstein Trust Layer provides automated PII masking and toxicity filtering.
- [COMMAND_EXECUTION]: The skill includes instructions to write configuration strings to 'CLAUDE.md'. This is a standard and expected practice for configuring agent environments in the Claude Code ecosystem and does not involve unauthorized system access.
- [EXTERNAL_DOWNLOADS]: The skill references several external resources and documentation sites. All identified domains (salesforce.com, trailhead.salesforce.com, developer.salesforce.com) are well-known, official services of a trusted organization (Salesforce).