sf-datacloud-retrieve
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local scripts and system commands to perform diagnostics and data operations within Salesforce orgs.
- Evidence: The skill invokes a local script using
node ~/.claude/skills/sf-datacloud/scripts/diagnose-org.mjs(SKILL.md). - Evidence: Multiple calls to the
sf data360CLI are used for SQL queries, describes, and search-index management (README.md, SKILL.md). - [EXTERNAL_DOWNLOADS]: The skill requires an external community-developed plugin for the Salesforce CLI to function.
- Evidence: The compatibility section in SKILL.md specifies: "Requires an external community sf data360 CLI plugin".
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes data from external Salesforce Data Cloud environments.
- Ingestion points: Data retrieved through
sf data360 query sql,sf data360 query describe, andsf data360 search-index list(SKILL.md). - Boundary markers: No delimiters or explicit instructions to ignore embedded commands are present in the provided operational rules.
- Capability inventory: The skill has the ability to execute system commands via the
sfCLI and run Javascript files vianode(SKILL.md). - Sanitization: There is no evidence of output validation or sanitization before the agent interprets retrieved data (SKILL.md).
Audit Metadata