salesforce-automation

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection attack surface.
      1. Ingestion points: The skill retrieves untrusted data from various Salesforce objects (Leads, Contacts, Accounts, Opportunities, Tasks) via the search and list tools in SKILL.md.
      2. Boundary markers: The instructions lack explicit delimiters or safety warnings to ignore embedded instructions within the processed CRM data.
      3. Capability inventory: The skill has the capability to create and update records as well as execute custom SOQL queries (SALESFORCE_RUN_SOQL_QUERY), providing a path for potential exploitation.
      4. Sanitization: There is no evidence of sanitization or validation of the data retrieved from the external CRM before it is processed by the agent.
  • [EXTERNAL_DOWNLOADS]: The skill references and utilizes the Rube MCP service at https://rube.app/mcp to provide its core Salesforce automation capabilities. This is a well-known service for Model Context Protocol integration.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 13, 2026, 07:00 AM