salesforce-automation
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes an external MCP server endpoint (https://rube.app/mcp) to provide its core Salesforce automation capabilities. This is a standard integration method for MCP-based skills.
- [PROMPT_INJECTION]: The skill processes external data retrieved from Salesforce (e.g., Lead and Contact fields), which creates a potential surface for indirect prompt injection attacks where malicious instructions could be embedded in CRM records.
- Ingestion points: Data is ingested from Salesforce through tools such as SALESFORCE_LIST_LEADS, SALESFORCE_SEARCH_CONTACTS, and SALESFORCE_QUERY as defined in SKILL.md.
- Boundary markers: The instructions do not define delimiters or specific warnings to ignore instructions within the retrieved CRM data.
- Capability inventory: The skill provides significant capabilities including data creation, modification, and execution of arbitrary SOQL queries via the tools listed in SKILL.md.
- Sanitization: There are no explicit sanitization steps mentioned for processing data returned from the Salesforce API.
Audit Metadata