Incorrect Agentforce settings
Why is this an issue?
Incorrect or lax Agentforce settings can weaken guardrails and introduce security risks. Agents may share sensitive information inappropriately, miss toxic input, or fail to detect prompt injection attacks.
Examples
Example of incorrect settings:
<EinsteinAISettings xmlns="http://soap.sforce.com/2006/04/metadata">
    <enableAIFeedbackWithDC>false</enableAIFeedbackWithDC>
    <enableAITrustInputToxicityDetection>false</enableAITrustInputToxicityDetection>
    <enableAITrustPromptInjectionDetection>false</enableAITrustPromptInjectionDetection>
    <enableAgentHealthMonitoring>false</enableAgentHealthMonitoring>
    <enablePBPromptPerformanceMetrics>false</enablePBPromptPerformanceMetrics>
    <enableTrustPIIMasking>false</enableTrustPIIMasking>
</EinsteinAISettings>
Example of correct settings:
<EinsteinAISettings xmlns="http://soap.sforce.com/2006/04/metadata">
    <enableAIFeedbackWithDC>true</enableAIFeedbackWithDC>
    <enableAITrustInputToxicityDetection>true</enableAITrustInputToxicityDetection>
    <enableAITrustPromptInjectionDetection>true</enableAITrustPromptInjectionDetection>
    <enableAgentHealthMonitoring>true</enableAgentHealthMonitoring>
    <enablePBPromptPerformanceMetrics>true</enablePBPromptPerformanceMetrics>
    <enableTrustPIIMasking>true</enableTrustPIIMasking>
</EinsteinAISettings>
How can I fix violations?
Review all settings: Compare your configuration against Salesforce recommendations.
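One way to automate that review is the following added example, which is not part of the original rule or of any Salesforce tooling. It parses an EinsteinAISettings metadata document and reports each of the six flags shown above that is not explicitly set to true. The function name, the sample document, and the choice to report an absent element as a finding are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Metadata namespace used by the settings files shown on this page.
NS = "{http://soap.sforce.com/2006/04/metadata}"

# The six flags that appear in the page's correct/incorrect examples.
REQUIRED_FLAGS = (
    "enableAIFeedbackWithDC",
    "enableAITrustInputToxicityDetection",
    "enableAITrustPromptInjectionDetection",
    "enableAgentHealthMonitoring",
    "enablePBPromptPerformanceMetrics",
    "enableTrustPIIMasking",
)

def audit_einstein_settings(xml_text):
    """Return {flag: reason} for every flag that is not explicitly 'true'."""
    root = ET.fromstring(xml_text)
    if root.tag != NS + "EinsteinAISettings":
        raise ValueError(f"unexpected root element: {root.tag}")
    findings = {}
    for flag in REQUIRED_FLAGS:
        node = root.find(NS + flag)
        if node is None:
            # Assumption: an absent element is flagged so the value is
            # reviewed explicitly instead of relying on a platform default.
            findings[flag] = "missing"
            continue
        value = (node.text or "").strip()
        if value.lower() != "true":
            findings[flag] = f"set to {value!r}"
    return findings

# Constructed sample: PII masking disabled, prompt injection detection absent.
SAMPLE = """<EinsteinAISettings xmlns="http://soap.sforce.com/2006/04/metadata">
    <enableAIFeedbackWithDC>true</enableAIFeedbackWithDC>
    <enableAITrustInputToxicityDetection>true</enableAITrustInputToxicityDetection>
    <enableAgentHealthMonitoring>true</enableAgentHealthMonitoring>
    <enablePBPromptPerformanceMetrics>true</enablePBPromptPerformanceMetrics>
    <enableTrustPIIMasking>false</enableTrustPIIMasking>
</EinsteinAISettings>"""

if __name__ == "__main__":
    for flag, reason in audit_einstein_settings(SAMPLE).items():
        print(f"{flag}: {reason}")
```

Run against the settings file in a CI step, a non-empty result can fail the build before the weakened configuration is deployed.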