salesforce-automation
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from CRM records and possesses significant write capabilities.
- Ingestion points: Salesforce record data, including fields for Leads, Contacts, Accounts, and Opportunities, retrieved via SOQL queries or search tools.
- Boundary markers: Absent; there are no delimiters or instructions to ignore instructions embedded within the CRM data.
- Capability inventory: Includes powerful write actions such as
SALESFORCE_CREATE_LEAD,SALESFORCE_UPDATE_LEAD,SALESFORCE_CREATE_ACCOUNT, andSALESFORCE_MASS_TRANSFER_OWNERSHIP. - Sanitization: No evidence of data validation or sanitization of retrieved Salesforce content before processing.
- [EXTERNAL_DOWNLOADS]: The skill requires connecting to an external MCP server at
https://rube.app/mcp. This is a third-party service dependency necessary for the skill's operations. - [DATA_EXFILTRATION]: Sensitive Salesforce CRM data is retrieved and processed through the Rube MCP infrastructure at
rube.app. Users should be aware that data is transmitted to an external service provider as part of the intended automation workflow.
Audit Metadata