AGENTFORCE-21.1: PII/PHI Payload Leakage in Tool Output
🚨 Critical · Data Exfiltration
Detects when agent actions invoke Apex classes that query Salesforce objects containing fields classified as PII, PHI, CCPA, GDPR, HIPAA, or PCI. These regulated fields may be included in the LLM context window, constituting a compliance violation.
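The check described above can be pictured as a join between agent actions, the Apex classes they invoke, and field classifications. The following is an added example, not SquireX's implementation; all action, class, and field names and the classification map are constructed, and it parses only inline SOQL (dynamic queries are not handled).

```python
import re

REGULATED = {"PII", "PHI", "CCPA", "GDPR", "HIPAA", "PCI"}  # labels named by the rule

# Constructed sample data (hypothetical names): field classifications,
# the Apex class each agent action invokes, and the class sources.
CLASSIFICATION = {
    ("contact", "ssn__c"): {"PII"},
    ("contact", "diagnosis__c"): {"PHI", "HIPAA"},
    ("contact", "name"): set(),
    ("case", "status"): set(),
}
ACTION_TARGETS = {"Get_Patient": "PatientLookup", "Get_Case_Status": "CaseStatus"}
APEX_CLASSES = {
    "PatientLookup": """
        public with sharing class PatientLookup {
            @InvocableMethod(label='Get patient')
            public static List<Contact> run(List<Id> ids) {
                return [SELECT Id, Name, SSN__c, Diagnosis__c
                        FROM Contact WHERE Id IN :ids];
            }
        }""",
    "CaseStatus": """
        public with sharing class CaseStatus {
            @InvocableMethod(label='Get case status')
            public static List<Case> run(List<Id> ids) {
                return [SELECT Id, Status FROM Case WHERE Id IN :ids];
            }
        }""",
}

# Inline SOQL only: [SELECT a, b FROM Obj ...]; dynamic queries are not parsed.
SOQL = re.compile(r"\[\s*SELECT\s+(.+?)\s+FROM\s+(\w+)", re.I | re.S)

def regulated_fields(apex_source, classification=CLASSIFICATION):
    """Return sorted (object, field, labels) for regulated fields in inline SOQL."""
    hits = set()
    for field_list, sobject in SOQL.findall(apex_source):
        for field in field_list.split(","):
            key = (sobject.lower(), field.strip().lower())
            labels = classification.get(key, set()) & REGULATED
            if labels:
                hits.add((key[0], key[1], tuple(sorted(labels))))
    return sorted(hits)

def scan_actions(targets=ACTION_TARGETS, classes=APEX_CLASSES):
    """Map each agent action to the regulated fields its Apex class queries."""
    report = {a: regulated_fields(classes.get(c, "")) for a, c in targets.items()}
    return {a: found for a, found in report.items() if found}
```

Only `Get_Patient` is reported here, because its class selects fields carrying regulated labels; `Get_Case_Status` queries unclassified fields and produces no finding.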
Details
| Field | Value |
|---|---|
| Rule ID | AGENTFORCE-21.1 |
| Severity | Critical |
| Category | Data Exfiltration |
| Compliance | HIPAA, PCI_DSS, EU_AI_ACT_HIGH_RISK |
Remediation
Refer to the SquireX documentation for remediation guidance specific to AGENTFORCE-21.1.