AGENTFORCE-1.1: Mandatory User Confirmation
๐จ Critical ยท Excessive Agency
GenAiFunction actions that invoke Apex or Flow backend logic must require user confirmation to prevent the AI agent from autonomously executing side-effects. Without confirmation gates, a prompt injection or hallucination can trigger destructive operations (DML, API calls) without human oversight.
Detailsโ
| Field | Value |
|---|---|
| Rule ID | AGENTFORCE-1.1 |
| Severity | Critical |
| Category | Excessive Agency |
| Compliance | SOC2_CC6, NIST_AI_RMF, EU_AI_ACT_HIGH_RISK |
Remediationโ
Refer to the SquireX documentation for
remediation guidance specific to AGENTFORCE-1.1.