AGENTFORCE-15.1: External Service Without Certificate Pinning
🔴 High · External Service Security
Detects Named Credentials used for external service calls that lack certificate pinning (useClientCertificate = false). Agents calling external APIs over unpinned connections are vulnerable to Man-in-the-Middle interception of sensitive tool output.
Details
| Field | Value |
|---|---|
| Rule ID | AGENTFORCE-15.1 |
| Severity | High |
| Category | External Service Security |
| Compliance | SOC2_CC7, OWASP_MCP_TOP_10 |
Remediation
Refer to the SquireX documentation for remediation guidance specific to AGENTFORCE-15.1.