data360-query

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core function involves processing and presenting data from Salesforce Data Cloud to the agent context.
      • Ingestion points: Data retrieved from SQL queries, vector searches, and search index metadata via CLI commands (SKILL.md).
      • Boundary markers: The instructions lack explicit delimiters or safety warnings to ignore embedded instructions within the retrieved data.
      • Capability inventory: The skill has the ability to execute shell commands and run local Node.js scripts based on current context (SKILL.md).
      • Sanitization: There is no defined process for validating or escaping the results returned by Data Cloud before they are processed by the agent.
  • [COMMAND_EXECUTION]: The skill utilizes shell commands for operational tasks and environment validation.
      • It uses the sf CLI for Data Cloud operations, including SQL queries and search index management (README.md).
      • It executes a local diagnostic utility located at ../data360-orchestrate/scripts/diagnose-org.mjs using the Node.js runtime (SKILL.md).
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 26, 2026, 12:31 PM
Security Audit — agent-trust-hub — data360-query