orchestrating-datacloud

Fail

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script scripts/bootstrap-plugin.sh clones an external repository (github.com/Jaganpro/sf-cli-plugin-data360.git) and links it into the Salesforce CLI as a plugin. Additionally, references/plugin-setup.md instructs users to pipe a remote script from raw.githubusercontent.com/Jaganpro/sf-skills/main/tools/install.py directly into the python3 interpreter, which is a high-risk execution pattern.
  • [EXTERNAL_DOWNLOADS]: The skill downloads code, configuration, and dependencies from unverified external sources, specifically the Jaganpro GitHub account, which is not identified as a trusted vendor. This includes cloning a repository and potentially installing Node.js packages via yarn install inside the downloaded plugin.
  • [COMMAND_EXECUTION]: Multiple scripts, including scripts/diagnose-org.mjs, scripts/verify-plugin.sh, and scripts/bootstrap-plugin.sh, execute various shell commands and child processes to manage the environment, compile code, and interact with the Salesforce CLI.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface in scripts/diagnose-org.mjs. This script ingests and processes stdout/stderr data from external CLI outputs without sufficient sanitization, boundary markers, or validation of the source content before it is processed by the agent context.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: May 14, 2026, 02:37 PM
Security Audit — agent-trust-hub — orchestrating-datacloud