AGENTFORCE-SC-03: Managed Package Origin
🟡 Medium · Supply Chain Security
Detects when AI agent actions invoke Apex classes or Flows from managed packages (third-party code). Managed package code is opaque to the org admin: it cannot be audited, modified, or secured. A compromised managed package executing within an agent context inherits the agent's permissions and can access any data the agent user can reach.
Details
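The check described above can be approximated offline against an exported inventory of agent actions. The following is an added example, not SquireX's implementation: it relies on the Salesforce convention that packaged components carry their namespace as `namespace__Name`, and the `AgentAction` record, the sample actions and the namespaces `acmepay`, `docgen`, `myorg` and `oldpkg` are all constructed for illustration. Because a namespace prefix alone does not prove a package is managed, prefixes are compared against a list of installed managed-package namespaces that the caller supplies.

```python
import re
from dataclasses import dataclass

# Packaged components carry their namespace as "<prefix>__<name>" in API names.
# A prefix starts with a letter and never contains "__" itself.
NAMESPACED = re.compile(r"^([A-Za-z][A-Za-z0-9]*(?:_[A-Za-z0-9]+)*)__(.+)$")
CODE_TARGETS = {"apex", "flow"}  # the target kinds the rule description names

@dataclass(frozen=True)
class AgentAction:          # hypothetical inventory record, not a Salesforce type
    agent: str
    action: str
    target_type: str
    target: str             # API name of the invoked Apex class or Flow

def namespace_of(api_name):
    """Return the namespace prefix of an API name, or None for unpackaged code."""
    m = NAMESPACED.match(api_name)
    if not m or len(m.group(1)) > 15:   # prefixes are at most 15 characters
        return None
    return m.group(1)

def managed_package_findings(actions, managed_namespaces, org_namespace=None):
    """Flag agent actions whose Apex/Flow target lives outside the org's own code."""
    managed = {ns.lower() for ns in managed_namespaces}
    findings = []
    for a in actions:
        if a.target_type.lower() not in CODE_TARGETS:
            continue                     # not an Apex or Flow invocation
        ns = namespace_of(a.target)
        if ns is None or (org_namespace and ns.lower() == org_namespace.lower()):
            continue                     # unpackaged, or the org's own namespace
        origin = "managed-package" if ns.lower() in managed else "unverified-namespace"
        findings.append((a.agent, a.action, a.target, ns, origin))
    return findings

# Constructed sample inventory; every name below is invented for illustration.
SAMPLE_ACTIONS = [
    AgentAction("ServiceAgent", "Lookup_Order", "apex", "OrderLookupController"),
    AgentAction("ServiceAgent", "Issue_Refund", "apex", "acmepay__RefundService"),
    AgentAction("ServiceAgent", "Build_Quote", "flow", "docgen__Generate_Quote"),
    AgentAction("SalesAgent", "Score_Lead", "flow", "myorg__Lead_Scoring"),
    AgentAction("SalesAgent", "Summarize", "promptTemplate", "acmepay__Summary"),
    AgentAction("SalesAgent", "Enrich", "apex", "oldpkg__Enricher"),
]

if __name__ == "__main__":
    for f in managed_package_findings(SAMPLE_ACTIONS, {"acmepay", "docgen"}, "myorg"):
        print("AGENTFORCE-SC-03", *f)
```

Targets reported as `unverified-namespace` carry a prefix that is absent from the supplied list, which usually means the installed-package inventory is stale and should be refreshed before triage.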
| Field | Value |
|---|---|
| Rule ID | AGENTFORCE-SC-03 |
| Severity | Medium |
| Category | Supply Chain Security |
| Compliance | SOC2_CC7, NIST_AI_RMF |
Remediation
Refer to the SquireX documentation for remediation guidance specific to AGENTFORCE-SC-03.