agent-actions
Use when designing or reviewing Agentforce actions, including Flow actions, Apex invocable actions, prompt-template actions, action naming, input and output contracts, confirmation requirements, and safe error behavior. Triggers: 'agent actions', 'flow action for agent', 'agent invocable action', 'action schema design', 'agent action error handling'. NOT for topic boundary design or general Apex invocable guidance when the main concern is not an agent-facing action contract.
Best use case
agent-actions is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Use when designing or reviewing Agentforce actions, including Flow actions, Apex invocable actions, prompt-template actions, action naming, input and output contracts, confirmation requirements, and safe error behavior. Triggers: 'agent actions', 'flow action for agent', 'agent invocable action', 'action schema design', 'agent action error handling'. NOT for topic boundary design or general Apex invocable guidance when the main concern is not an agent-facing action contract.
Teams using agent-actions should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/agent-actions/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How agent-actions Compares
| Feature / Agent | agent-actions | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Use when designing or reviewing Agentforce actions, including Flow actions, Apex invocable actions, prompt-template actions, action naming, input and output contracts, confirmation requirements, and safe error behavior. Triggers: 'agent actions', 'flow action for agent', 'agent invocable action', 'action schema design', 'agent action error handling'. NOT for topic boundary design or general Apex invocable guidance when the main concern is not an agent-facing action contract.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
SKILL.md Source
# Agent Actions
Use this skill when the agent already knows the right topic, but still needs a safe and understandable way to do work. Agent actions are the operational boundary between conversational intent and real system side effects. Poor action design leads to vague capabilities, hard-to-recover failures, and agents invoking the wrong tool because names or contracts are ambiguous.
The design goal is simple: a small, well-named action set with stable inputs, predictable outputs, and deliberate confirmation for side effects. Salesforce guidance emphasizes keeping action counts low, using clear names and descriptions, and shaping input types so the agent can select and execute actions reliably. Action design should help the agent understand what the tool does, what data it needs, and when failure should be surfaced to the user versus returned as a structured business result.
Agent actions can be Flow-based, Apex invocable, or prompt-template oriented depending on the task. Flow actions are strong when declarative orchestration is enough. Apex invocable actions are better when service-layer control, strict contracts, or heavier logic matter. Prompt-template actions fit generation tasks, not destructive record mutation. The boundary should be chosen intentionally.
---
## Before Starting
Check for `salesforce-context.md` in the project root. If present, read it first.
Gather if not available:
- What exact business task should the action perform, and is it read-only or side-effecting?
- Should the action be declarative Flow, Apex invocable, or prompt-template based?
- What inputs are truly required, and what output shape will help the agent reason about success or failure?
- Does the action need confirmation before mutating data, sending messages, or performing irreversible work?
- What's the expected invocation rate? (An action the agent calls 1000 times/day has different safety concerns than one called 5 times/day.)
- Who is accountable for the business contract this action implements? (Action failures become their incident.)
---
## Core Concepts
### Actions Are Capabilities, Not Conversation Dumps
An action should do one business job clearly. Do not create vague actions like `runProcess` or `handleRequest` that hide several outcomes. The LLM selects actions based on semantic clarity of names + descriptions; "do the thing" descriptions produce "do something random" behavior.
Rule of thumb: if you can't explain what the action does to a business user in one sentence, the action is too broad. Split it.
### Naming And Description Drive Tool Selection
The agent relies on action labels, descriptions, and parameter meaning to choose correctly. Human-readable clarity is part of the runtime contract.
**Naming pattern (recommended):**
- Verb-first: `Create_Case`, `Update_Opportunity_Stage`, `Send_Contract_For_Signature`.
- Object-aware: include the primary sObject in the name.
- Avoid generic verbs: `Process`, `Handle`, `Execute` — too vague for the LLM.
- Specific outcome: `Generate_Quote_PDF` beats `Generate_Document`.
**Description pattern:**
- One sentence on what the action DOES.
- One sentence on when to USE it.
- One sentence on what the action does NOT do (prevents over-selection).
### Stable Input And Output Shapes Improve Reliability
The agent needs narrow, predictable parameters and results. Avoid overloading one action with many loosely related required fields or generic object blobs.
**Input design rules:**
- Prefer typed primitives (Text, Number, Date, Boolean) over generic SObject blobs.
- Mark inputs as `required` only when they're truly required; optional inputs let the agent adapt.
- Provide default values where safe — reduces the cognitive load on action selection.
- Avoid "payload" fields that hide structured data inside a string (can't validate at design time).
**Output design rules:**
- Return structured success/failure flags (`success: boolean`, `errorCode: string`, `message: string`).
- Include the primary identifier of any created/modified record (agent can reference it in the conversation).
- Never throw raw exceptions as the output — wrap in a business-shaped result.
### Confirmation And Error Behavior Need Deliberate Design
Destructive or customer-visible side effects should be confirmation-aware. Failures should return clear business meaning rather than raw stack traces or empty silence.
**Confirmation patterns:**
- **Always-confirm:** every invocation waits for user confirmation (e.g. sending legal contracts).
- **Threshold-confirm:** confirmation triggers above a threshold (e.g. order > $10k).
- **Two-phase:** action returns a preview, user confirms, action is invoked a second time to commit.
- **Agent-declared:** action declares `requiresConfirmation: true` and the agent runtime handles the UX.
**Error patterns:**
- **Recoverable:** action returns `success: false` + error code; agent can retry with different inputs.
- **Unrecoverable:** action returns clear message; agent escalates to human.
- **Policy-blocked:** action returns "not allowed"; agent explains policy to user.
---
## Common Patterns
### Pattern 1: Flow Action For Declarative Orchestration
**When to use:** The task can be modeled as clear declarative steps and the admin team should retain ownership.
**Structure:** Use a narrow Flow boundary (auto-launched flow with explicit input/output variables). Keep inputs explicit and typed. Ensure the output is meaningful enough for the agent to continue or explain a failure. Fault connectors on every element.
**Why not the alternative:** Apex adds complexity when the task is mainly orchestration; admins can maintain the flow without code skills.
### Pattern 2: Apex Invocable Service Action
**When to use:** The action needs reusable service logic, stricter contracts, or finer transaction control.
**Structure:**
```apex
public class CreateCaseForAccount {
@InvocableMethod(label='Create Case for Account'
description='Creates a support case attached to a specific Account and returns the Case ID. Use when customer reports an issue; do NOT use for feature requests (those go to a different action).')
public static List<Result> createCase(List<Request> requests) {
// ... bulk-safe implementation
}
public class Request {
@InvocableVariable(required=true label='Account ID' description='Salesforce ID of the parent Account')
public String accountId;
@InvocableVariable(required=true label='Subject' description='Short description of the issue, plain English')
public String subject;
@InvocableVariable(label='Priority' description='Low, Medium, High; defaults to Medium if omitted')
public String priority;
}
public class Result {
@InvocableVariable public Boolean success;
@InvocableVariable public String caseId;
@InvocableVariable public String errorCode;
@InvocableVariable public String message;
}
}
```
The `@InvocableVariable` descriptions ARE the LLM's documentation. Write them well.
### Pattern 3: Confirmation-Gated Mutation Action
**When to use:** The action creates, updates, deletes, or externally sends something significant.
**Structure:**
1. Register the action with `requiresConfirmation=true` (where the platform supports it; otherwise via prompt-instruction pattern).
2. The action's description explicitly states "requires user confirmation before execution".
3. Agent prompt guidance reinforces: "for any action that sends contracts, cancels orders, or updates financial fields, require explicit user confirmation".
4. On user decline, action is never invoked; agent explains to user what was NOT done.
### Pattern 4: Prompt-Template Action For Content Generation
**When to use:** The action's job is to generate text/content from record context (e.g. draft email, summarize case, explain quote).
**Structure:** Register a Prompt Template (via Prompt Builder) as an agent action. The prompt template defines inputs (record references) and the model generates the output. DO NOT use prompt-template actions for mutation — they're generation-only.
### Pattern 5: Read-Only Lookup Action
**When to use:** Agent needs to retrieve information before deciding next steps.
**Structure:** Thin invocable method that executes a specific SOQL query. Read-only; no side effects. Fast (sub-second). Returns a structured result the agent can reason over.
Read-only actions should be plentiful; mutation actions should be scarce. The asymmetry is deliberate — agents should READ freely and WRITE only with deliberation.
---
## Decision Guidance
| Situation | Recommended Approach | Reason |
|---|---|---|
| Declarative orchestration is sufficient | Flow action (Pattern 1) | Lower implementation overhead |
| Service logic or tighter contract control needed | Apex invocable action (Pattern 2) | Better structure and reuse |
| Task is primarily content generation | Prompt-template action (Pattern 4) | Generation boundary is clearer |
| Action mutates records or triggers external side effects | Confirmation-gated (Pattern 3) | Safer execution |
| Action name and schema feel generic | Redesign before release | Agent selection quality depends on clarity |
| Agent needs to retrieve info before deciding | Read-only Apex lookup (Pattern 5) | Fast, safe, composable |
| Action's work exceeds one transaction | Platform Event publish → async processing | Don't block the conversation on long work |
---
## Review Checklist
- [ ] Each action performs one business capability clearly.
- [ ] Names and descriptions help the agent choose the right tool.
- [ ] Inputs are narrow, typed, and not overloaded with generic payloads.
- [ ] Outputs communicate business success or failure clearly (not raw exceptions).
- [ ] Destructive or external side effects require deliberate confirmation behavior.
- [ ] Total action set is small enough to stay understandable (< 20 actions per agent).
- [ ] Read-only lookup actions are separated from mutation actions.
- [ ] `@InvocableVariable` descriptions are informative (LLM reads them).
- [ ] Apex invocable actions are bulk-safe (`List<T>` signature).
- [ ] Fault handling designed for each action (per `flow/fault-handling` if Flow-based).
## Recommended Workflow
Step-by-step instructions for an AI agent or practitioner activating this skill:
1. Gather context — confirm the business task, action type, side-effect profile, and invocation rate
2. Review official sources — check the references in this skill's well-architected.md before making changes
3. Implement or advise — apply the patterns from Common Patterns above; name and shape the contract deliberately
4. Validate — run the skill's checker script and verify against the Review Checklist above
5. Document — record any deviations from standard patterns and update the template if needed
---
## Salesforce-Specific Gotchas
1. **A technically valid invocable action can still be a poor agent action** — generic names and overloaded schemas hurt tool selection.
2. **Prompt-template actions are not the right tool for transactional mutation** — generation and side effects should not be blurred.
3. **Too many actions reduce action selection quality** — a larger tool belt is not always a better one; 20 is a soft upper bound.
4. **Raw exceptions are weak agent outputs** — business-safe result structures help the agent explain failure and recover.
5. **Apex invocable actions share the agent session's governor budget** — CPU + SOQL + DML all contend. A heavy action exhausts the budget for subsequent actions in the same session.
6. **`@InvocableVariable(label=...)` is what the agent sees, not the Apex variable name** — use clear labels.
7. **Flow-backed actions can be deactivated out from under the agent** — deploy gates should include "agent-referenced Flow activation" verification.
8. **Managed-package invocable actions may have opaque contracts** — the agent can call them but may not understand the outputs; wrap in a clarifying Apex invocable.
9. **Actions in Guest-user Agentforce contexts bypass user-specific security** — explicitly audit Guest-invoked actions.
10. **Running-user context is the agent's assigned User record** — not the end-customer interacting with the agent. Sharing implications differ from typical UI flows.
## Proactive Triggers
Surface these WITHOUT being asked:
- **Action with generic verb (`Process`, `Handle`, `Execute`)** → Flag as High. LLM can't select confidently.
- **Mutation action with no confirmation design** → Flag as Critical. User-visible side-effect without a brake.
- **Raw exception in action output** → Flag as High. Agent can't explain the failure.
- **Action set > 25 per agent** → Flag as Medium. Tool-belt bloat; consolidate.
- **InvocableVariable description empty or trivial** → Flag as High. LLM documentation missing.
- **Apex action not bulk-safe (single-instance signature)** → Flag as High. Scale risk.
- **Mutation action in a Guest-user agent without security review** → Flag as Critical.
- **Action name duplicates another action's semantics** → Flag as High. Selection ambiguity.
## Output Artifacts
| Artifact | Description |
|---|---|
| Action design review | Findings on naming, schema, confirmation, failure behavior |
| Action boundary recommendation | Flow vs Apex vs prompt-template guidance |
| Contract pattern | Suggested request and response shape for agent-safe execution |
| Confirmation policy | Which actions require confirmation + the UX pattern |
| Action inventory | List of actions per agent with purpose + owner + invocation rate |
## Related Skills
- **agentforce/agent-topic-design** — when the bigger problem is topic boundary and routing.
- **agentforce/einstein-trust-layer** — when the action's data-handling is a Trust Layer concern.
- **agentforce/agentforce-guardrails** — overall guardrail strategy that actions fit into.
- **agentforce/agent-testing-and-evaluation** — how to verify actions behave correctly in agent context.
- **apex/invocable-methods** — when the action contract issue is really a generic Apex boundary question.
- **flow/flow-action-framework** — when the Flow-side of the action contract is the concern.Related Skills
omnistudio-remote-actions
Use when configuring, troubleshooting, or choosing between Remote Action types in OmniScript or FlexCard. Triggers: 'remote action', 'OmniScript action', 'IP action', 'Apex action element', 'VlocityOpenInterface2', 'Send/Response JSON Path'. NOT for Integration Procedure internal design (use integration-procedures) or generic Apex callout patterns (use apex integration skills).
lwc-quick-actions
Use when building a Lightning Web Component that runs from a record page quick-action button — either a screen action that renders UI in a modal or a headless action that invokes logic with no UI. Triggers: 'lwc quick action on record page', 'headless quick action no ui', 'closeactionscreenevent not working', 'how to pass recordid into quick action lwc', 'quick action vs flow action', 'quick action modal size'. NOT for Flow screen components — use `lwc-in-flow-screens` — and NOT for global actions without a record context or for list-view bulk actions that do not receive a single `recordId`.
github-actions-for-salesforce
Use this skill to set up, review, or troubleshoot GitHub Actions CI/CD pipelines for Salesforce using SFDX JWT Bearer Flow authentication, Apex test gates, and branch-conditional deployments. Trigger keywords: github actions, CI pipeline, jwt auth, sfdx ci, workflow yaml, github secrets, apex coverage threshold. NOT for other CI tools such as Jenkins, Copado, Bitbucket Pipelines, or Azure DevOps.
fsl-custom-actions-mobile
Use this skill when building custom LWC actions for the FSL Mobile app: barcode scanning, GPS capture, photo/signature capture, or custom guided workflows on mobile. Trigger keywords: FSL Mobile custom action, lightning__GlobalAction FSL, barcode scanner LWC, mobileCapabilities, Nimbus plugin, FSL lightning SDK. NOT for standard Salesforce Mobile App quick actions, standard Experience Cloud pages, or desktop Lightning Experience LWC components.
cpq-custom-actions
Use when adding, configuring, or troubleshooting custom action buttons in the Salesforce CPQ Quote Line Editor (QLE), product configurator, or amendment/renewal screens. Trigger keywords: CPQ custom action, QLE button, SBQQ__CustomAction__c, CPQ Flow button, CPQ URL action. NOT for standard Salesforce quick actions on non-CPQ objects, Lightning Experience action bars outside the QLE, or CPQ Price Rules and Product Rules.
custom-agent-actions-apex
Use when building custom Apex-based actions for Agentforce agents: designing @InvocableMethod classes for Atlas Reasoning Engine invocation, defining input/output schema, handling errors, and managing security context. NOT for standard out-of-the-box agent actions, Flow-based actions, or general @InvocableMethod usage in Flow (use flow/* skills).
global-actions-and-quick-actions
Use this skill when configuring object-specific quick actions or global actions in Salesforce: choosing between action types, editing action layouts, pre-filling fields with predefined values, and adding actions to Lightning page layouts or mobile navigation. Trigger keywords: quick action, global action, action layout, pre-fill fields, predefined values, Salesforce mobile actions. NOT for Flow-triggered actions or Next Best Action recommendations (use flow/* or agentforce skills). NOT for Apex-defined actions.
dynamic-forms-and-actions
Use this skill to configure Dynamic Forms (field and section visibility on Lightning record pages) and Dynamic Actions (button/action visibility rules) using Lightning App Builder. Covers enabling Dynamic Forms, converting page layout fields to Dynamic Form components, writing field visibility rules (field value, profile, permission, record type, device), and controlling action bar visibility per record context. NOT for page layout design or record type assignment (use record-types-and-page-layouts). NOT for building custom LWC components.
xss-and-injection-prevention
Use when writing or reviewing Visualforce pages, Apex controllers, or LWC components that output user-supplied data, build dynamic queries, or construct HTTP responses. Triggers: 'XSS in Visualforce', 'SOQL injection vulnerability', 'how to encode output in Apex', 'JSENCODE Visualforce', 'open redirect prevention'. NOT for Apex CRUD/FLS enforcement (use soql-security or apex-crud-and-fls), NOT for Shield encryption (use shield-encryption-key-management), NOT for AppExchange security review process (use secure-coding-review-checklist).
visualforce-security-and-modernization
Use when hardening or modernizing legacy Visualforce pages — covers the platform CSRF token model and when disabling it is a security regression, view state encryption guarantees and the 170 KB ceiling, FLS/CRUD enforcement gaps on `<apex:outputField>` and on getters that return sObjects, `<apex:includeScript>` interaction with the org Content Security Policy, hosting LWC inside a VF page via `lightning:container` / `lightning-out`, and the retire-vs-harden-vs-leave-alone decision for an inventory of legacy pages. Triggers: 'should I rewrite this Visualforce page in LWC', 'CSRF protection disabled on Visualforce page is that safe', 'community user sees a field they should not on a Visualforce page', 'view state encryption is that enough for sensitive data', 'how do I host an LWC inside a Visualforce page', 'apex:dynamicComponent and apex:actionFunction safe to keep'. NOT for greenfield Visualforce architecture (use apex/visualforce-fundamentals — controller types, view state pattern selection, PDF rendering); NOT for Visualforce email template authoring (use apex/visualforce-email-templates if/when that skill is authored); NOT for general Apex security review across triggers and async (use apex/soql-security and security/secure-coding-review-checklist).
transaction-security-policies
Transaction Security policy creation and configuration: condition builder, enhanced policies, enforcement actions (block, MFA, notification, end session), real-time monitoring mode, and policy troubleshooting. NOT for Event Monitoring log analysis or Shield Event Monitoring setup (use event-monitoring). NOT for Apex testing or debug-log analysis.
sso-saml-troubleshooting
Diagnosing broken SAML SSO into Salesforce — IdP-initiated vs SP-initiated flows, signing-certificate validity / expiry, NameID format mismatches, RelayState handling, audience / entityId / issuer mismatches, clock skew, the SAML Assertion Validator in Setup, the Login History debug log, and the My Domain prerequisite for SSO. Covers the standard diagnostic loop: read the SAML response, identify which check failed, fix at the IdP or SP. NOT for OAuth / OpenID Connect SSO (see security/oauth-openid-troubleshooting), NOT for setting up SSO from scratch (see security/sso-saml-setup).