activating-datacloud
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of the
sf data360CLI plugin to manage Salesforce Data Cloud resources like activation targets and data actions. These commands are executed using the user-provided organization alias. - [COMMAND_EXECUTION]: Executes a local Node.js diagnostic script located at
~/.claude/skills/orchestrating-datacloud/scripts/diagnose-org.mjs. This script is part of the broader Data Cloud skill suite and is used to verify environment readiness before performing modifications. - [EXTERNAL_DOWNLOADS]: The skill metadata notes a dependency on an external community Salesforce CLI plugin (
sf data360). This is a standard requirement for extending the Salesforce CLI functionality for Data Cloud. - [PROMPT_INJECTION]: The workflow involves reading configuration data from local JSON files (e.g.,
target.json,activation.json) and passing them to CLI tools. While this represents a theoretical indirect injection surface if file content is malicious, it is the intended operational mode for this utility.
Audit Metadata