Trust Assessment
salesforce received a trust score of 71/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Sensitive environment variable access: $HOME, Potential Command Injection via external CLI calls, Skill enables broad access to sensitive Salesforce data.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit 0676c56a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via external CLI calls The skill demonstrates the use of external command-line tools (`sf` and `mcporter`) to interact with Salesforce. Parameters like `query`, `usernameOrAlias`, `target-org`, and `directory` are passed directly as arguments to these commands. If these parameters are derived from untrusted user input and are not properly sanitized or escaped by the agent's execution environment before being passed to the shell, a malicious user could inject arbitrary shell commands, leading to remote code execution. Ensure all arguments passed to external CLI commands are strictly validated, sanitized, and properly escaped (e.g., using `shlex.quote` in Python) to prevent shell metacharacter interpretation. Avoid direct string concatenation for command execution. Implement a allow-list for acceptable commands and arguments where possible. | Static | SKILL.md:68 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/salesforce/SKILL.md:63 | |
| MEDIUM | Skill enables broad access to sensitive Salesforce data The skill provides tools like `run_soql_query` and `sf data query` which allow the execution of arbitrary SOQL queries against the configured Salesforce org. This capability grants access to potentially all data within the Salesforce instance that the authenticated user has permissions for, including sensitive business information (e.g., financial data, customer details, sales pipeline). While necessary for the skill's stated functionality, this broad access poses a significant risk if the agent's usage is not properly controlled or audited, potentially leading to unauthorized data exposure or exfiltration. Implement strict access controls and authorization checks for the agent's use of this skill. Ensure that the agent only queries data relevant to its immediate task and that its Salesforce user operates with the principle of least privilege. Log all SOQL queries executed by the agent for auditing purposes. | Static | SKILL.md:140 |
Scan History
Embed Code
[](https://skillshield.io/report/f4813cd101372a0a)
Powered by SkillShield