
securing-agentforce

Run OWASP LLM Top 10 security assessments against live Agentforce agents. TRIGGER when: user asks for security testing, OWASP scan, red-teaming, penetration testing, security grade, vulnerability assessment, prompt injection test, data leakage test, excessive agency test, security posture check, or hardening recommendations. DO NOT TRIGGER when: user runs functional smoke tests or batch tests (use testing-agentforce); performs static safety review of .agent file content (use developing-agentforce Section 15); analyzes production session traces (use observing-agentforce); writes or modifies .agent files.
SalesforceAIResearch/agentforce-adlc · ★ 70 · AI & Automation · score 75
Install: claude install-skill SalesforceAIResearch/agentforce-adlc
# ADLC Security

OWASP LLM Top 10 security assessment for live Agentforce agents.

## Overview

This skill sends adversarial test payloads to a deployed Agentforce agent via `sf agent preview` and evaluates whether the agent resists attacks across 7 OWASP LLM Top 10 categories:

| ID | Category | Tests | Focus |
|----|----------|-------|-------|
| LLM01 | Prompt Injection | 9 | Direct override, encoding, multi-turn, role-play, delimiter, multilingual |
| LLM02 | Sensitive Info Disclosure | 10 | PII extraction, credentials, cross-tenant, context leakage |
| LLM05 | Improper Output Handling | 7 | XSS, SQL injection, command injection, SSRF, path traversal |
| LLM06 | Excessive Agency | 8 | Unauthorized actions, privilege escalation, data exfiltration |
| LLM07 | System Prompt Leakage | 10 | Direct extraction, role-play bypass, encoding, social engineering |
| LLM09 | Misinformation | 7 | Hallucination, fabricated citations, knowledge boundary violations |
| LLM10 | Unbounded Consumption | 6 | Token exhaustion, recursion, context saturation |

Total: **57 tests** with weighted severity scoring producing an A–F grade.

## Platform Notes

- Shell examples use bash. On Windows use PowerShell or Git Bash.
- Replace `python3` with `python` on Windows.
- Replace `/tmp/` with `$env:TEMP\` (PowerShell) or `%TEMP%\` (cmd).
- Replace `jq` with `python3 -c "import json,sys; ..."` if jq is not installed.
- Replace `find . -path ...` with `Get-ChildItem -Recurse -Filter *.agent` in PowerShell.