SquireX Security Rule Catalog

112 rules across 72 categories.

Action Configuration

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-1.2 | 🔴 High | Schema Synchronization Verification |

Agent Flow Integrity

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-2.2 | 🟡 Medium | Transition Integrity |

Agent Script Safety

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-2.3 | 🔴 High | Prompt Injection Defense Heuristics |
| AGENTFORCE-2.1 | 🟡 Medium | Validation Guard Clause Enforcement |

AgentExchange Supply-Chain

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-SC-10 | 🚨 Critical | Tool Namespace Shadowing (Confused Deputy) |
| AGENTFORCE-SC-12 | 🔴 High | Transitive Prompt Poisoning |
| AGENTFORCE-SC-11 | 🔴 High | Unbound Gateway Activation |

Agentforce for Commerce

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-17.1 | 🚨 Critical | Commerce Agent Without Idempotency Key |
| AGENTFORCE-17.2 | 🚨 Critical | Commerce Agent Amount Without Bounds Check |

Agentic Architecture

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-7.1 | 🔴 High | Topic Action Bloat (God-Topic Prevention) |
| AGENTFORCE-7.2 | 🔴 High | Inadequate Skill Semantics |
| AGENTFORCE-8.1 | 🔴 High | Context Traversal Exfiltration (ForcedLeak Mitigation) |
| AGENTFORCE-7.3 | 🔴 High | Orphaned Bot Without AiEvaluationDefinition |

Autonomous Scheduling

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-11.1 | 🚨 Critical | Unguarded Autonomous Scheduled Action |
| AGENTFORCE-11.2 | 🔴 High | Time-Window Privilege Drift |

Custom Permission Enforcement

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-16.1 | 🔴 High | Agent Action Without Custom Permission Gate |

Data Cloud Grounding

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-13.1 | 🚨 Critical | RAG Knowledge Source Without Schema Classification |

Data Exfiltration

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-21.1 | 🚨 Critical | PII/PHI Payload Leakage in Tool Output |

Data Exfiltration / Injection

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-21.2 | 🔴 High | Insecure Output Handling (Agent-to-XSS) |

Einstein Copilot Studio Configuration

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-12.2 | 🚨 Critical | GenAiPlannerBundle API Version Drift |
| AGENTFORCE-12.1 | 🚨 Critical | Latent Memory Poisoning in Prompt Template |

Excessive Agency

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-1.1 | 🚨 Critical | Mandatory User Confirmation |
| AGENTFORCE-20.1 | 🚨 Critical | DML Bypassing FLS in Invocable Actions |
| AGENTFORCE-20.2 | 🚨 Critical | Unconstrained ModifyAllData in Agent Context |
| SNOW-20.2 | 🚨 Critical | Role Masking Not Configured for Dynamic User Agent |

External Service Security

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-15.2 | 🔴 High | Dynamic Cloaking via External RAG Source |
| AGENTFORCE-15.1 | 🔴 High | External Service Without Certificate Pinning |

Governance

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-4.3 | 🔴 High | Synthetic Evaluation Completeness |

Graph: Cascading Automation

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-32.1 | 🔴 High | Unintended Autonomous Blast Radius |

Graph: Component Injection

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-34.1 | 🚨 Critical | Agent-to-UI XSS (Component Injection Graph) |

Graph: MCP Identity Mismatch

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-33.1 | 🔴 High | MCP Over-Provisioning |

Graph: PII Exfiltration Path

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-30.1 | 🚨 Critical | Context Window PII Poisoning (Graph) |

Graph: Privilege Escalation Path

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-31.1 | 🚨 Critical | Autonomous Without-Sharing Escalation (Deep) |

Grounding Security

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-3.1 | 🚨 Critical | Hardcoded Sensitive Indicators |
| AGENTFORCE-3.2 | 🚨 Critical | Field-Level Security Masking Alignment |

Headless MCP Access

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-MCP-02 | 🚨 Critical | Broad Scope DevOps Pipeline Inheritance |
| AGENTFORCE-MCP-04 | 🚨 Critical | MCP Tool Definition Drift (Rug Pull Detection) |
| AGENTFORCE-MCP-01 | 🚨 Critical | Token Passthrough Exposure Configuration |
| AGENTFORCE-MCP-06 | 🔴 High | MCP Schema Parameter Injection |
| AGENTFORCE-MCP-03 | 🔴 High | Missing Protocol Scope Constraints |
| AGENTFORCE-MCP-05 | 🔴 High | Shadow MCP Server Detection |
| AGENTFORCE-MCP-07 | 🔴 High | MCP Server Network Exposure |

Injection

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-FLOW-03 | 🔴 High | Variable Injection in DML |

Instruction Integrity

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-9.1 | 🚨 Critical | Metadata Instruction Poisoning |
| AGENTFORCE-9.2 | 🔴 High | Cross-Topic Instruction Boundary |

MCP Authentication

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-24.2 | 🔴 High | Missing Signature Validation on Agent Webhook |

MuleSoft Agent Fabric

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-AF-01 | 🚨 Critical | Broker PII Routing Without Guard |
| AGENTFORCE-AF-02 | 🔴 High | LLM Provider Without Rate Limit |
| AGENTFORCE-AF-03 | 🔴 High | A2A Card Overpermissioned Scope |
| AGENTFORCE-AF-04 | 🔴 High | Broker Privilege Escalation via Routing |
| AGENTFORCE-AF-05 | 🟡 Medium | Bidirectional Agent Communication Without Broker |

Multi-Agent Orchestration

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-18.1 | 🚨 Critical | Compositional Fragment Trap Risk |
| AGENTFORCE-18.2 | 🔴 High | Sybil Identity in Multi-Agent Orchestration |
| SNOW-18.2 | 🔴 High | Yokohama Agent Duplication Sybil |

Network Security

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-API-01 | 🔴 High | External Callout Injection |

OpenGraph Security

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-OG-01 | 🔴 High | OGP Metadata Prompt Injection |
| AGENTFORCE-OG-03 | 🔴 High | Attractive Metadata Attack via OGP |
| AGENTFORCE-OG-02 | 🟡 Medium | A2A Agent Card / OGP Trust Mismatch |

Operational Reliability

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-10.1 | 🟡 Medium | Validation Rule Conflict |

Orchestration Integrity

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-4.1 | 🔴 High | Planner Orchestration Completeness |

Platform Event Security

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-19.1 | 🚨 Critical | Sub-agent Spawning via Platform Event |
| AGENTFORCE-19.2 | 🔴 High | CDC Without Field Filter in Agent Context |

Privilege Escalation

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-FLOW-01 | 🚨 Critical | System Context Enforcement |
| AGENTFORCE-1.3 | 🔴 High | Target Context Privilege Analysis |

Prompt Injection

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-PT-01 | 🚨 Critical | Template Context Poisoning |

Resource Exhaustion

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-23.1 | 🔴 High | Non-Selective SOQL in Agent Tools (Agent DoS) |

Runtime Capability Drift

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-RD-01 | 🔴 High | Headless Confirmation Bypass (Experience Layer) |
| AGENTFORCE-RD-03 | 🔴 High | PII Output Bypass in Headless Transmissions |
| AGENTFORCE-RD-04 | 🔴 High | Headless PII Route Validation |
| AGENTFORCE-RD-02 | 🟡 Medium | Variable State Condition Evasion |

SSRF

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-22.1 | 🚨 Critical | Unsafe Autonomous HTTP Callouts |

Security Configuration

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-PT-02 | 🔴 High | Experimental Template Activation Exposure |

ServiceNow ACL

| Rule ID | Severity | Name |
| --- | --- | --- |
| SNOW-28.1 | 🚨 Critical | ACL Script Using GlideRecord (Recursive Bypass) |
| SNOW-28.6 | 🔴 High | addEncodedQuery Without User Context Restriction |

ServiceNow API Authentication

| Rule ID | Severity | Name |
| --- | --- | --- |
| SNOW-24.1 | 🔴 High | Agent API Endpoint Without OAuth Scope Validation |

ServiceNow Agent Architecture

| Rule ID | Severity | Name |
| --- | --- | --- |
| SNOW-7.1 | 🟡 Medium | Agent Instruction Bloat |

ServiceNow Autonomous Scheduling

| Rule ID | Severity | Name |
| --- | --- | --- |
| SNOW-11.1 | 🔴 High | Scheduled Job Invoking Agent Without Guardrail |

ServiceNow Data Exfiltration

| Rule ID | Severity | Name |
| --- | --- | --- |
| SNOW-21.1 | 🚨 Critical | Agent Script Accessing Sensitive Table Without Privacy Guard |

ServiceNow Data Privacy

| Rule ID | Severity | Name |
| --- | --- | --- |
| SNOW-13.1 | 🔴 High | Agent Accessing Classified Data Without Privacy Guard |

ServiceNow Domain Separation

| Rule ID | Severity | Name |
| --- | --- | --- |
| SNOW-29.1 | 🔴 High | Domain Separation Drift (Missing sys_domain) |

ServiceNow Excessive Agency

| Rule ID | Severity | Name |
| --- | --- | --- |
| SNOW-20.1 | 🚨 Critical | Agent Executing With Admin Privileges |

ServiceNow External Service

| Rule ID | Severity | Name |
| --- | --- | --- |
| SNOW-15.1 | 🔴 High | Integration Spoke Without Certificate Pinning |

ServiceNow Flow Security

| Rule ID | Severity | Name |
| --- | --- | --- |
| SNOW-5.1 | 🔴 High | Flow Action Without Input Validation |

ServiceNow Grounding Security

| Rule ID | Severity | Name |
| --- | --- | --- |
| SNOW-3.1 | 🔴 High | Grounding Source Without Classification |

ServiceNow Instruction Integrity

| Rule ID | Severity | Name |
| --- | --- | --- |
| SNOW-9.1 | 🚨 Critical | Prompt Injection Vector in Agent Instructions |

ServiceNow MCP Access

| Rule ID | Severity | Name |
| --- | --- | --- |
| SNOW-25.1 | 🔴 High | MCP Server Without Scope Constraints |

ServiceNow MID Server Trust

| Rule ID | Severity | Name |
| --- | --- | --- |
| SNOW-31.1 | 🚨 Critical | MID Server / Discovery Trust Violation |

ServiceNow Memory Safety

| Rule ID | Severity | Name |
| --- | --- | --- |
| SNOW-12.2 | 🚨 Critical | Latent Memory Poisoning in Agent Memory |

ServiceNow Multi-Agent

| Rule ID | Severity | Name |
| --- | --- | --- |
| SNOW-18.1 | 🔴 High | Multi-Agent Compositional Fragment Trap |

ServiceNow Operational Reliability

| Rule ID | Severity | Name |
| --- | --- | --- |
| SNOW-10.1 | 🔴 High | Agent DML Without Data Policy Guard |

ServiceNow Resource Exhaustion

| Rule ID | Severity | Name |
| --- | --- | --- |
| SNOW-23.1 | 🔴 High | Unbounded GlideRecord Query in Agent Script |

ServiceNow Role-Based Access

| Rule ID | Severity | Name |
| --- | --- | --- |
| SNOW-16.1 | 🔴 High | Agent Action Without Role Gate |

ServiceNow Runtime Drift

| Rule ID | Severity | Name |
| --- | --- | --- |
| SNOW-27.1 | 🚨 Critical | Now Assist API Confirmation Bypass |

ServiceNow SSRF

| Rule ID | Severity | Name |
| --- | --- | --- |
| SNOW-22.1 | 🚨 Critical | SSRF via Dynamic RESTMessageV2 Endpoint |

ServiceNow Scope Hygiene

| Rule ID | Severity | Name |
| --- | --- | --- |
| SNOW-30.1 | 🔴 High | Application Scope Hygiene Violation |

ServiceNow Script Safety

| Rule ID | Severity | Name |
| --- | --- | --- |
| SNOW-2.1 | 🚨 Critical | Unsafe Script Pattern in Agent Tool |

ServiceNow Skill Kit

| Rule ID | Severity | Name |
| --- | --- | --- |
| SNOW-12.1 | 🔴 High | Skill Kit Version Drift |

ServiceNow Structural Dependency

| Rule ID | Severity | Name |
| --- | --- | --- |
| SNOW-4.1 | 🔴 High | Orphaned Agent Tool Reference |

ServiceNow Supply Chain

| Rule ID | Severity | Name |
| --- | --- | --- |
| SNOW-6.1 | 🔴 High | Update Set Missing Agent Dependencies |
| SNOW-26.1 | 🔴 High | Skill Namespace Shadowing |

ServiceNow Tool Configuration

| Rule ID | Severity | Name |
| --- | --- | --- |
| SNOW-1.1 | 🚨 Critical | Agent Tool Without Confirmation Gate |

ServiceNow Trigger Execution

| Rule ID | Severity | Name |
| --- | --- | --- |
| SNOW-19.1 | 🔴 High | Business Rule Triggering Agent Execution |

ServiceNow Virtual Agent

| Rule ID | Severity | Name |
| --- | --- | --- |
| SNOW-14.1 | 🔴 High | Virtual Agent Topic Without Input Sanitization |

Slack Integration Security

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-14.1 | 🔴 High | Slack Channel Bot Without DLP Guard |

Structural Dependency

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-4.2 | 🔴 High | Component Deactivation Collision |

Supply Chain Security

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-SC-01 | 🚨 Critical | Malicious API Downgrade Injection |
| AGENTFORCE-SC-02 | 🔴 High | Silent Schema Desync Exploit |
| AGENTFORCE-SC-03 | 🟡 Medium | Managed Package Origin |

Supply Chain: ToxicSkills

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-TS-01 | 🚨 Critical | Hidden Instruction in Markdown |
| AGENTFORCE-TS-02 | 🔴 High | Base64 Payload in Skill File |
| AGENTFORCE-TS-03 | 🔴 High | Zero-Width Unicode Injection |

Unauthorized Action

| Rule ID | Severity | Name |
| --- | --- | --- |
| AGENTFORCE-FLOW-02 | 🔴 High | Silent State Modification via Flow |