salesforce-flow

SUSPICIOUS: The skill’s purpose and capabilities generally align with Salesforce Flow generation, and there is no installer, credential harvesting, or obvious malware behavior. However, its core functionality depends on an undocumented MCP pipeline with unclear provenance, and it sends user/local project metadata to that service while forcing autonomous repeated execution without confirmation. Risk is moderate due to unverifiable service trust and opaque data handling, not confirmed malicious intent.