agentforce-observe
Warn
Audited by Snyk on Jun 29, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). Outsider-authored free text from production user conversations is ingested into the agent’s LLM context via the STDM path:
getConversationDetails()queriesssot__AiAgentInteractionMessage__dlm.ssot__ContentText__c(user “Input” and agent “Output” messages) and returns it as JSON, which the skill then uses for issue diagnosis/classification and presentation to the LLM.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata