Back to skill

Security audit

Salesforce AI Agentforce Persona

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Salesforce Agentforce persona-design skill that creates expected local Markdown outputs and shows no code execution, credential collection, or exfiltration behavior.

Install if you are comfortable with persona, sample dialog, scorecard, and encoding files being saved under `_local/generated`. Avoid providing confidential brand guides or internal prompts unless local persistence is acceptable, use the skill only for persona-design work, and explicitly choose or confirm voice attributes rather than relying on inferred gender.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Low
Confidence
88% confidence
Finding
The skill explicitly states that it produces generated files under `_local/generated/...`, but it does not clearly warn the user up front that invoking the skill may result in filesystem writes. In an agent environment, implicit file creation can surprise users, overwrite prior artifacts, or leak sensitive prompt-derived content into persistent local storage.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The encode flow instructs the agent to write encoding output to disk by default using the `Write` tool, without requiring explicit confirmation at that step. Because encoding output can contain sensitive internal brand guidance, persona rules, or deployment-ready configuration, automatic persistence increases the risk of unintended data retention or overwriting existing files.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill enables implicit invocation via `allow_implicit_invocation: true`, but the file does not define concrete trigger constraints, examples, or narrow routing conditions in the same artifact. This can cause the skill to be auto-selected for loosely related prompts, increasing the chance of prompt routing mistakes, unintended persona shaping, or interception of requests meant for other Salesforce skills.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The guide explicitly recommends inferring voice gender from persona name, pronouns, or description and only asking when ambiguous. Inferring a sensitive identity attribute instead of requiring explicit user choice can misgender people, encode stereotypes, and lead to discriminatory or inappropriate agent configurations. In a persona-design skill, this is more dangerous because the guidance is prescriptive and likely to be operationalized repeatedly across deployments.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.