AGENTFORCE-24.2: Missing Signature Validation on Agent Webhook
🔴 High · MCP Authentication
Detects @RestResource Apex endpoints accessible to agent actions that do not implement HMAC signature verification. Without signature validation, any caller can forge webhook payloads to invoke agent actions outside the intended security context.
Details
| Field | Value |
|---|---|
| Rule ID | AGENTFORCE-24.2 |
| Severity | High |
| Category | MCP Authentication |
| Compliance | OWASP_MCP_TOP_10, SOC2_CC7 |
Remediation
Refer to the SquireX documentation for remediation guidance specific to AGENTFORCE-24.2.
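The kind of check the rule description refers to, as an added Apex example (not SquireX's remediation guidance or code from any project): a `@RestResource` endpoint that verifies an HMAC-SHA256 signature over the raw request body before acting on it. The URL mapping, the `X-Signature-SHA256` header name, and the `Webhook_Setting__mdt` custom metadata type with its `Secret__c` field are assumptions made for illustration.

```apex
@RestResource(urlMapping='/agent/webhook/*')  // hypothetical mapping
global with sharing class AgentWebhookEndpoint {
    // Hypothetical header carrying the hex-encoded HMAC-SHA256 of the raw body.
    private static final String SIG_HEADER = 'X-Signature-SHA256';

    @HttpPost
    global static void handle() {
        RestRequest req = RestContext.request;
        RestResponse res = RestContext.response;
        Blob body = req.requestBody == null ? Blob.valueOf('') : req.requestBody;
        String presented = req.headers.get(SIG_HEADER);

        // Reject before parsing: an unsigned or mis-signed payload never
        // reaches deserialization or any agent action.
        if (String.isBlank(presented) || !isValidSignature(body, presented)) {
            res.statusCode = 401;
            return;
        }

        Map<String, Object> payload =
            (Map<String, Object>) JSON.deserializeUntyped(body.toString());
        // ... dispatch the verified payload to the agent action here ...
        res.statusCode = 202;
    }

    @TestVisible
    private static Boolean isValidSignature(Blob body, String presentedHex) {
        // Assumption: the shared secret lives in a custom metadata record
        // named 'Agent'; any protected secret store works the same way.
        Blob key = Blob.valueOf(Webhook_Setting__mdt.getInstance('Agent').Secret__c);
        String expected =
            EncodingUtil.convertToHex(Crypto.generateMac('HmacSHA256', body, key));
        return constantTimeEquals(expected, presentedHex.trim().toLowerCase());
    }

    // Compare every character so timing does not reveal the first mismatch.
    private static Boolean constantTimeEquals(String a, String b) {
        if (a.length() != b.length()) {
            return false;
        }
        Integer diff = 0;
        for (Integer i = 0; i < a.length(); i++) {
            diff |= a.charAt(i) ^ b.charAt(i);
        }
        return diff == 0;
    }
}
```

The signature is computed over the raw bytes of `requestBody`, not over re-serialized JSON, so the sender and receiver hash identical input. An HMAC alone does not stop replay of a previously valid request; that needs a signed timestamp or nonce in addition.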