enterprise-agent-builder

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The generated agent architecture is designed to ingest untrusted data from enterprise platforms, and that data could contain malicious instructions intended to manipulate the agent's logic or tool usage.
  • Ingestion points: Data retrieved from target platforms via the 'fetch_context' tool defined in SKILL.md.
  • Boundary markers: Absent; the system prompt template for the generated agent does not define clear delimiters to separate external data from system instructions.
  • Capability inventory: The generated agent includes a 'take_action' tool capable of creating, updating, and notifying in target systems (SKILL.md).
  • Sanitization: Absent; the templates do not include explicit logic to validate or escape external content before processing.
  • [COMMAND_EXECUTION]: The provided code templates for Salesforce (Apex) and Snowflake (Snowpark) build database queries with string concatenation and f-strings. This creates a potential SQL or SOQL injection risk if the interpolated variables (such as record types or filters) are derived from untrusted input without validation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 06:13 AM