salesforce-service-cloud-automation

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, NO_CODE
Full Analysis
  • Unverifiable Dependencies (LOW): The skill requires the user to add an external MCP server endpoint (https://rube.app/mcp) that is not included in the trusted organizations or repositories list. This endpoint provides the tool schemas and execution logic.
  • Indirect Prompt Injection (LOW): The skill processes data from Salesforce and the Rube MCP server, creating a potential injection surface. (1) Ingestion points: Salesforce record data and tool schemas returned by the RUBE_SEARCH_TOOLS function. (2) Boundary markers: Absent; there are no instructions to the agent to ignore instructions embedded in the retrieved data. (3) Capability inventory: The skill can execute various Salesforce operations and manage connections through the RUBE_MULTI_EXECUTE_TOOL and RUBE_MANAGE_CONNECTIONS functions. (4) Sanitization: No sanitization or validation of the external input is specified.
  • Dynamic Execution (LOW): The skill uses dynamic tool discovery and execution: tool slugs and arguments are determined at runtime from the RUBE_SEARCH_TOOLS response. This is a core feature of the described MCP framework, but it is inherently dynamic.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:48 PM