salesforce
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Full Analysis
- Data Ingestion and Integration: The skill processes external CRM data, including activity histories and conversation transcripts, which is essential for its primary function. While this creates a surface for indirect prompt injection, the skill includes instructions for metadata verification and precise tool usage to manage this context safely.
  - Ingestion points: summarize_conversation_transcript and get_activity_history in SKILL.md.
  - Boundary markers: The skill relies on structured tool interactions rather than unconstrained prompt interpolation.
  - Capability inventory: Write access is scoped to specific CRM tools such as update_record, create_account_plan, and assign_target_to_sdr in SKILL.md.
  - Sanitization: Instructions require verifying Salesforce object and field metadata before any querying or writing takes place.
- Access Control and Policy: The skill's configuration disables implicit invocation, meaning the agent will not perform Salesforce-related tasks unless explicitly directed by the user, providing a layer of oversight for CRM interactions.
- Dynamic Resource Generation: Record links are constructed using instance-specific metadata provided at runtime. This allows the agent to provide accurate, clickable links to the user's own Salesforce records without hardcoding environment-specific URLs.