AGENTFORCE-16.1: Agent Action Without Custom Permission Gate
🔴 High · Custom Permission Enforcement
Detects agent actions targeting Apex classes that perform DML on financially-sensitive objects (Opportunity, Order, Contract, Quote) without checking CustomPermission or FeatureManagement.checkPermission() before execution.
Details
| Field | Value |
|---|---|
| Rule ID | AGENTFORCE-16.1 |
| Severity | High |
| Category | Custom Permission Enforcement |
| Compliance | SOC2_CC6, NIST_AI_RMF |
Remediation
Refer to the SquireX documentation for remediation guidance specific to AGENTFORCE-16.1.
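An added example, not SquireX's or Salesforce's own code, showing the pattern the rule describes beside a form that checks a custom permission before the DML. The class names and the custom permission API name `Agent_Close_Opportunity` are hypothetical; `FeatureManagement.checkPermission()` is the standard Apex call named in the rule description.

```apex
// Added illustration. Class names and the custom permission API name
// 'Agent_Close_Opportunity' are hypothetical. Each top-level class
// belongs in its own .cls file.

// Pattern the rule describes: an invocable action performs DML on
// Opportunity with no custom permission check before it.
public with sharing class CloseOpportunityUngated {
    @InvocableMethod(label='Close Opportunity (ungated)')
    public static void closeWon(List<Id> opportunityIds) {
        List<Opportunity> opps = [
            SELECT Id, StageName FROM Opportunity WHERE Id IN :opportunityIds
        ];
        for (Opportunity o : opps) {
            o.StageName = 'Closed Won';
        }
        update opps; // no CustomPermission check precedes this DML
    }
}

// Gated form: the custom permission is checked first and the action
// fails closed when the running user does not hold it.
public with sharing class CloseOpportunityGated {
    public class PermissionException extends Exception {}

    private static final String REQUIRED_PERMISSION = 'Agent_Close_Opportunity';

    @InvocableMethod(label='Close Opportunity (gated)')
    public static void closeWon(List<Id> opportunityIds) {
        // Returns true only if the custom permission is assigned to the
        // running user through a profile or permission set.
        if (!FeatureManagement.checkPermission(REQUIRED_PERMISSION)) {
            throw new PermissionException(
                'Missing custom permission: ' + REQUIRED_PERMISSION
            );
        }
        List<Opportunity> opps = [
            SELECT Id, StageName FROM Opportunity WHERE Id IN :opportunityIds
        ];
        for (Opportunity o : opps) {
            o.StageName = 'Closed Won';
        }
        update opps;
    }
}
```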