Trust Assessment
salesforce-skill received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 3 critical, 0 high, 1 medium, and 0 low severity. Key findings include: Missing required field: name; Shell Command Injection via user-supplied record values; Shell Command Injection via `run-soql` query argument.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Shell Command Injection via user-supplied record values: The `create-contact` function, and similarly the `create-lead`, `create-account`, `update-opp-stage`, `update-account`, and `delete-record` functions, construct command arguments by directly interpolating user-supplied input (e.g., `$FIRST`, `$LAST`, `$EMAIL`, `$STAGE`, `$SOBJECT`, `$RECORD_ID`) into `sf data create record`, `sf data update record`, and `sf data delete record` commands. This allows an attacker to inject arbitrary shell commands by providing specially crafted input for any of these arguments. For example, providing `John' $(evil_command) #` as the first name would execute `evil_command` on the host system. All user-supplied arguments used in shell commands must be properly escaped to prevent shell metacharacters from being interpreted as commands. For bash, consider using `printf %q` for individual arguments or a more robust method to construct the `--values` string, such as writing to a temporary file or using a tool that handles escaping. Ensure that the `sf` CLI arguments are treated as data, not executable code. | LLM | scripts/salesforce-helper.sh:79 |
| CRITICAL | Shell Command Injection via `run-soql` query argument: The `run-soql` function directly uses the first user-supplied argument (`$QUERY`) as the value for the `--query` flag in an `sf data query` command. This allows an attacker to inject arbitrary shell commands by providing a malicious string for `$QUERY`. For example, `run-soql "SELECT Id FROM Account' $(evil_command) #"` would execute `evil_command` on the host system. The `$QUERY` variable must be sanitized or properly escaped before being passed to `sf data query`. If the `sf` CLI expects a single string, then careful escaping of single quotes and shell metacharacters within `$QUERY` is required. Alternatively, consider a safer method of passing the query, such as a temporary file, if the `sf` CLI supports it. | LLM | scripts/salesforce-helper.sh:226 |
| CRITICAL | Shell Command Injection via `run-apex` code argument: The `run-apex` function directly uses the first user-supplied argument (`$APEX_CODE`) as the value for the `--apex` flag in an `sf apex run` command. This allows an attacker to inject arbitrary shell commands by providing a malicious string for `$APEX_CODE`. For example, `run-apex "System.debug('Hello');' $(evil_command) #"` would execute `evil_command` on the host system. The `$APEX_CODE` variable must be sanitized or properly escaped before being passed to `sf apex run`. If the `sf` CLI expects a single string, then careful escaping of single quotes and shell metacharacters within `$APEX_CODE` is required. Alternatively, consider a safer method of passing the code, such as a temporary file, if the `sf` CLI supports it. | LLM | scripts/salesforce-helper.sh:241 |
| MEDIUM | Missing required field: name: The `name` field is required for claude_code skills but is missing from the frontmatter. Add a `name` field to the SKILL.md frontmatter. | Static | skills/lucas-riverbi/salesforce-skill/SKILL.md:1 |
https://skillshield.io/report/c68262f135df1c35
Powered by SkillShield