The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The documentation in references/plugin-setup.md provides an instruction to pipe a remote script to the Python interpreter: curl -sSL https://raw.githubusercontent.com/Jaganpro/sf-skills/main/tools/install.py | python3. This is a high-risk pattern that executes unverified code from an external repository not listed as a trusted vendor resource.
[EXTERNAL_DOWNLOADS]: The scripts/bootstrap-plugin.sh script clones a third-party repository (https://github.com/Jaganpro/sf-cli-plugin-data360.git) and executes yarn install. This action downloads and installs an unknown number of external dependencies and code which are not subject to the security controls of the primary vendor's infrastructure.
[COMMAND_EXECUTION]: The scripts/bootstrap-plugin.sh script performs sf plugins link ., which installs the downloaded external code as a persistent plugin within the Salesforce CLI environment. This grants the third-party code broad access to the user's authenticated Salesforce orgs.
[COMMAND_EXECUTION]: The scripts/diagnose-org.mjs and scripts/verify-plugin.sh scripts programmatically execute shell commands using spawnSync and subshells. These scripts pass user-supplied input, such as org aliases and table names, as arguments to these commands. While the use of argument arrays in Node.js mitigates some shell injection risks, it remains a critical path for potential misuse if the underlying CLI tool handles input unsafely.
[DATA_EXFILTRATION]: While no direct exfiltration was detected, the combination of executing code from an external repository and the ability to access sensitive Salesforce org data creates a significant risk surface for data exposure.

data360-orchestrate