Salesforce Reporting Copilot

Security checks across malware telemetry and agentic risk

Overview

This is a transparent Salesforce reporting helper that uses the Salesforce CLI to read org metadata and example records for report planning.

Before installing, be comfortable using it with Salesforce CLI access. Verify the target org alias, prefer a sandbox or least-privileged account, keep queries narrow, and protect any saved schema, CSV, or query output as potentially sensitive business data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 82% confidence
Finding: This markdown file includes commands that retrieve org metadata and query records, and one example explicitly saves describe output to `contact-schema.json`. The reference does not include any warning that command output may contain sensitive business or personal data or that saved files should be handled carefully.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal