applying-cms-brand
Pass
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface as it is designed to ingest and strictly follow instructions retrieved from Salesforce CMS.
- Ingestion points: Data is retrieved via search_brands and get_brand_instructions tools as described in SKILL.md.
- Boundary markers: Instructions do not specify delimiters to isolate retrieved brand data from the agent's core instructions.
- Capability inventory: The skill influences content generation and applies retrieved rules to the agent's output.
- Sanitization: No explicit validation or filtering of the retrieved CMS content is performed before use.
Audit Metadata