retrieving-datacloud

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple commands using the sf data360 CLI plugin to perform SQL queries, search operations, and metadata introspection (e.g., sf data360 query sql, sf data360 search-index list).
  • [COMMAND_EXECUTION]: The skill executes a Node.js script located at a specific local path: node ~/.claude/skills/orchestrating-datacloud/scripts/diagnose-org.mjs to verify org readiness.
  • [EXTERNAL_DOWNLOADS]: The skill documentation specifies a dependency on an 'external community sf data360 CLI plugin', which must be installed in the environment for the skill to function.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted data from Data Cloud SQL results.
      • Ingestion points: SQL query results and table descriptions enter the agent's context through sf data360 query commands in SKILL.md.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands within query results are present.
      • Capability inventory: The skill has access to shell command execution via the sf CLI and node subprocesses in SKILL.md.
      • Sanitization: There is no evidence of sanitization or filtering of the external content retrieved from Data Cloud before it is interpreted by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 14, 2026, 02:37 PM
Security Audit — agent-trust-hub — retrieving-datacloud