AGENTFORCE-SC-10: Tool Namespace Shadowing (Confused Deputy)
๐จ Critical ยท AgentExchange Supply-Chain
Detects when third-party AgentExchange plugins register tools with API names identical or similar to core Salesforce internal functions, or embed cross-origin shadowing directives in their description fields. A shadowed tool can execute a confused deputy attack against the broader Salesforce dataset.
Detailsโ
| Field | Value |
|---|---|
| Rule ID | AGENTFORCE-SC-10 |
| Severity | Critical |
| Category | AgentExchange Supply-Chain |
Remediationโ
Refer to the SquireX documentation for
remediation guidance specific to AGENTFORCE-SC-10.