sf-datacloud

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and uses a public GitHub community plugin (see scripts/bootstrap-plugin.sh and references/plugin-setup.md which clone https://github.com/gthoppae/sf-cli-plugin-data360.git), and then runs/parses that plugin's sf data360 command outputs (scripts/diagnose-org.mjs, scripts/verify-plugin.sh) as part of the required workflow, so untrusted third‑party code/output can influence tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's bootstrap and manual setup explicitly clone and build the external CLI plugin from https://github.com/gthoppae/sf-cli-plugin-data360.git (via scripts/bootstrap-plugin.sh and git clone), which fetches, installs, compiles, links, and enables remote code that the skill requires at runtime—so this URL delivers and executes code the runtime depends on.