sf-datacloud

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's setup and runtime explicitly clone and install an external community CLI plugin from public GitHub (e.g., scripts/bootstrap-plugin.sh and references/plugin-setup.md instruct cloning https://github.com/Jaganpro/sf-cli-plugin-data360.git and other upstream repos), so the agent's workflow fetches and depends on untrusted, user-authored third‑party code whose behavior and outputs can materially influence subsequent commands and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill’s setup/bootstrap steps clone and install a remote CLI plugin (git clone https://github.com/Jaganpro/sf-cli-plugin-data360.git) and even suggest running a remote installer via curl/piped Python (curl -sSL https://raw.githubusercontent.com/Jaganpro/sf-skills/main/tools/install.py | python3 …), which are runtime actions that fetch and execute external code that the skill depends on — meeting the criteria for a risky external dependency.