Skills
ShareLeak and PipeLeak: Capsule Security Discloses Prompt Injection Vulns in Microsoft Copilot Studio and Salesforce Agentforce That Exfiltrate Data Even After Patching
Capsule Security (launched with $7M seed from stealth) disclosed two agent prompt injection vulnerabilities: ShareLeak (CVE-2026-21520, CVSS 7.5) in Copilot Studio where injected SharePoint form input overrides system instructions and exfiltrates CRM data via Outlook even after Microsoft's patch, and PipeLeak in Salesforce Agentforce where lead capture forms trigger unauthorized agent actions. Both exploit the same structural pattern: agent access to private data + untrusted input + external communication capability.
Source
↳ Follow the thread