experience-content-media-search
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill's frontmatter and introductory text use directive language intended to influence the agent's routing behavior, such as 'This skill must be activated before any tool is used' and 'Takes PRIORITY and activates FIRST'. These instructions attempt to override standard agent skill selection logic for media search tasks.
- [DATA_EXFILTRATION]: The skill provides instructions for handling media URLs from Salesforce CMS that include query parameters like 'oid' and 'refid'. While these are necessary for functional CDN routing and authentication, they represent the handling and persistence of potentially sensitive identifiers within the user's project files.
- [INDIRECT_PROMPT_INJECTION]: The skill processes data from external search tools, creating an attack surface for indirect prompt injection.
- Ingestion points: Media metadata, titles, and descriptions retrieved from the 'search_media_cms_channels' and 'search_electronic_media' MCP tools.
- Boundary markers: Absent. The instructions do not specify the use of delimiters or warnings to ignore instructions embedded within retrieved search result content.
- Capability inventory: The skill is capable of presenting external data to the user and modifying source code by applying selected media URLs.
- Sanitization: Absent. There are no instructions for validating or filtering content retrieved from the external media sources before it is displayed to the user or integrated into the codebase.
Audit Metadata