salesforce-automation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface detected due to interaction with untrusted external CRM data.
- Ingestion points: The skill ingests data from Salesforce records (Leads, Contacts, Accounts, Opportunities, Tasks) via tool outputs from functions like `SALESFORCE_SEARCH_LEADS` and `SALESFORCE_QUERY`.
- Boundary markers: No specific delimiters or instructions are provided to the agent to distinguish between its instructions and the potentially untrusted content within Salesforce fields.
- Capability inventory: The skill provides significant write and execute capabilities, including `SALESFORCE_CREATE_LEAD`, `SALESFORCE_UPDATE_TASK`, and `SALESFORCE_RUN_SOQL_QUERY`.
- Sanitization: There are no explicit instructions for the agent to sanitize or validate data retrieved from the CRM before performing subsequent actions.
Audit Metadata