salesforce-automation
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [External Dependency] (LOW): The skill requires the user to configure the Rube MCP server at
https://rube.app/mcp. This is an external service and toolkit (Composio) not included in the predefined trusted list. - [Indirect Prompt Injection] (LOW): The skill processes data from Salesforce that may be controlled by external actors (Category 8).
- Ingestion points: Multiple tool calls including
SALESFORCE_SEARCH_LEADS,SALESFORCE_SEARCH_CONTACTS,SALESFORCE_SEARCH_ACCOUNTS,SALESFORCE_SEARCH_OPPORTUNITIES, andSALESFORCE_RUN_SOQL_QUERY(viaSKILL.md). - Boundary markers: Absent; the skill does not instruct the agent to ignore instructions embedded within the CRM data.
- Capability inventory: Extensive write capabilities including creating/updating records (
SALESFORCE_CREATE_LEAD), managing tasks, and transferring ownership (SALESFORCE_MASS_TRANSFER_OWNERSHIP). - Sanitization: Absent; no mention of escaping or validating data retrieved from Salesforce before processing or displaying it.
Audit Metadata