sf-datacloud-act
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill frequently executes Salesforce CLI commands (
sf data360) and a local Node.js script (diagnose-org.mjs) to interact with Salesforce Data Cloud orgs. - [EXTERNAL_DOWNLOADS]: The skill requires an 'external community sf data360 CLI plugin', which is a third-party dependency not included in the standard Salesforce CLI distribution.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data from external Salesforce orgs and user-provided JSON files to drive downstream actions.
- Ingestion points: Data retrieved from Salesforce via
sf data360commands and content from local configuration files liketarget.jsonoractivation.json(as described inSKILL.md). - Boundary markers: None present. The instructions do not define delimiters or warnings to ignore embedded instructions in the ingested data.
- Capability inventory: The skill has the ability to execute CLI commands and run local Node.js scripts (
diagnose-org.mjs), which could be misused if manipulated by malicious data. - Sanitization: No evidence of sanitization or validation of the data retrieved from Salesforce or local files before use in subsequent operations.
Audit Metadata