AGENTFORCE-19.2: CDC Without Field Filter in Agent Context
🔴 High · Platform Event Security
Detects Change Data Capture (CDC) triggers that deliver unfiltered field changes to agent contexts. CDC triggers run in system context and bypass field-level security (FLS). Without getChangeEventHeader().getChangedFields() filtering, all changed fields (including restricted PII) are passed to the agent.
Details
| Field | Value |
|---|---|
| Rule ID | AGENTFORCE-19.2 |
| Severity | High |
| Category | Platform Event Security |
| Compliance | SOC2_CC7, NIST_AI_RMF |
Remediation
Refer to the SquireX documentation for remediation guidance specific to AGENTFORCE-19.2.
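One way to apply the changed-field filtering this rule looks for, as an added Apex example (not SquireX or Salesforce code). The class name, the `AGENT_ALLOWED` allowlist and the `AgentContextService.deliver` call in the comments are hypothetical; the header is read through the `ChangeEventHeader` property form (`changedFields`, `changeType`).

```apex
// Added example: allowlist-based field filtering for a Contact CDC trigger.
public class CdcAgentFieldFilter {
    // Hypothetical allowlist: the only Contact fields the agent may receive.
    // Because the trigger runs in system context, FLS does not narrow the
    // event for us, so the restriction has to be explicit.
    private static final Set<String> AGENT_ALLOWED =
        new Set<String>{ 'Title', 'Department', 'OwnerId' };

    // Builds the agent payload from one change event.
    public static Map<String, Object> toAgentPayload(ContactChangeEvent evt) {
        EventBus.ChangeEventHeader header = evt.ChangeEventHeader;
        Map<String, Object> payload = new Map<String, Object>();

        if (header.changeType == 'UPDATE') {
            // Keep only fields that changed AND are allowlisted.
            for (String field : header.changedFields) {
                if (AGENT_ALLOWED.contains(field)) {
                    payload.put(field, evt.get(field));
                }
            }
        } else if (header.changeType == 'CREATE') {
            // changedFields is populated for updates only, so on create
            // walk the allowlist over the populated fields instead.
            Map<String, Object> populated = evt.getPopulatedFieldsAsMap();
            for (String field : AGENT_ALLOWED) {
                if (populated.containsKey(field)) {
                    payload.put(field, populated.get(field));
                }
            }
        }
        // Any other change type (delete, undelete, gap events) sends no
        // field values: fail closed.
        return payload;
    }
}

// Trigger usage (separate file; AgentContextService is hypothetical):
//
// trigger ContactCdcToAgent on ContactChangeEvent (after insert) {
//     for (ContactChangeEvent evt : Trigger.new) {
//         // Flagged pattern: every populated field reaches the agent.
//         //   AgentContextService.deliver(evt.getPopulatedFieldsAsMap());
//         // Filtered pattern:
//         AgentContextService.deliver(CdcAgentFieldFilter.toAgentPayload(evt));
//     }
// }
```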