Agents
Salesforce Agent Flows Architectural Flaw: Form Inputs Processed as Trusted Instructions Enable Prompt Injection
Security researchers disclosed that Salesforce's Agent Flows have a fundamental architectural flaw where form inputs are processed as trusted instructions rather than untrusted data, enabling attackers to embed malicious prompts that the agent executes as legitimate commands. The flaw represents a class-level vulnerability in how enterprise agent platforms handle the trust boundary between user-supplied data and agent instructions. Microsoft patched a similar data-leak issue (CVE-2026-21520 'ShareLeak' in Copilot) in the same disclosure cycle.
Source
↳ Follow the thread