salesforce
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill retrieves and processes data from Salesforce CRM records, creating an indirect prompt injection surface. Malicious content within CRM fields could potentially influence the agent's behavior. * Ingestion points: Salesforce API responses processed in SKILL.md. * Boundary markers: Absent; data is integrated into the agent context without delimiters. * Capability inventory: Shell execution (bash) and file system writes (/tmp/sf_request.json) in SKILL.md. * Sanitization: None; data is formatted via jq without content validation.
- [COMMAND_EXECUTION]: The skill executes shell commands using bash -c to run curl for Salesforce API interactions. This is the core method for record management.
- [DATA_EXFILTRATION]: The skill transmits data to the Salesforce API endpoint specified by the SALESFORCE_INSTANCE_URL secret. Salesforce is a well-known enterprise service, and this behavior aligns with the skill's documented CRM management purpose.
Audit Metadata