skills/forcedotcom/sf-skills/applying-cms-brand/Snyk

applying-cms-brand

Warn

Audited by Snyk on May 29, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.75). The required runtime workflow calls get_brand_instructions to retrieve promptBody from Salesforce CMS brand content (i.e., text authored/maintained by an outsider to the operating user), which is then fed into the agent’s LLM context as the brand instruction prompt.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

May 29, 2026, 02:37 AM

Issues

1

Security Audit — snyk — applying-cms-brand