Two agent worlds, two risk profiles
Agentforce agents are native to Salesforce: you can see their instructions, allowed actions, and confirmation requirements. External agents connecting in over Hosted MCP are far thinner — you typically get the login and after-the-fact logs, but not a real-time, tool-by-tool account of what they did. Treating both the same is a mistake.