platform-agentsetup-categories-fetch

Warn

Audited by Snyk on Jun 26, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). The required workflow calls a Salesforce Connect REST API (sf api request rest .../agenticsetup/categories?fetchPrompts=true) and then parses the returned JSON, which includes outsider-authored free text fields (prompts[].text and prompts[].description) originating from the connected org’s prompt library.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill issues runtime calls to the Salesforce REST endpoint (e.g. https://{instance}/services/data/v67.0/agenticsetup/categories?fetchPrompts=true), which returns prompt "text" entries that the agent is intended to present and pass to the LLM — i.e., remote content directly controls prompts at runtime.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Jun 26, 2026, 06:19 PM
Issues: 2