Skills
skills/membranedev/application-skills/salesforce/Gen Agent Trust Hub

salesforce

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli package from the npm registry. This is a well-known service and the package is the official tool provided by the skill's author.
  • [COMMAND_EXECUTION]: The skill uses the membrane command-line interface to interact with Salesforce APIs. This includes searching for connectors, managing connections, and executing actions. These commands are necessary for the skill's primary functionality.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it retrieves and processes data from Salesforce records (such as Leads, Contacts, and Cases) which may contain untrusted content.
  • Ingestion points: Salesforce record data retrieved via the membrane action run and membrane request commands documented in SKILL.md.
  • Boundary markers: None identified in the provided documentation.
  • Capability inventory: The skill performs subprocess calls to the membrane CLI to perform CRUD operations on Salesforce data.
  • Sanitization: No explicit sanitization or validation of the retrieved Salesforce data is mentioned in the skill instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 11, 2026, 08:59 AM