sf-ai-agentforce-grid

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests org-hosted, user-generated content (e.g., worksheet data via /worksheets/{id}/data, prompt templates and metadata via get_prompt_templates/get_list_views, and other Grid REST/MCP endpoints shown in SKILL.md and the scripts like scripts/worksheet_to_rows.mjs and scripts/grid_smoke_test.mjs) and then uses that content to construct AI/Agent/prompt_template columns and drive downstream actions, so untrusted third-party text in the org could indirectly inject instructions that affect tool decisions.