salesforce
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the official Salesforce CLI (@salesforce/cli) and references the Salesforce MCP server repository on GitHub. These resources originate from a well-known service provider.
- [COMMAND_EXECUTION]: The skill instructions include executing Salesforce CLI commands (
sf org login,sf data query) and MCP tool calls to interact with Salesforce orgs. This is standard behavior for the skill's intended purpose. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes content from Salesforce records (e.g., Opportunity names, Account details) which may be controlled by external parties.
- Ingestion points: Salesforce record data retrieved through the
run_soql_querytool andsf data querycommand as described inSKILL.md. - Boundary markers: No specific delimiters or instructions are provided to the agent to treat retrieved record data as untrusted content.
- Capability inventory: The agent has the capability to execute shell commands and SOQL queries based on retrieved data.
- Sanitization: There is no evidence of data sanitization or validation performed on the results of the SOQL queries before they are processed by the agent.
Audit Metadata