data360-activate
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
sfCLI with thedata360plugin to list and create activations and targets. This is standard functionality for the Salesforce Data Cloud context. - Evidence:
sf data360 activation listin SKILL.md. - [COMMAND_EXECUTION]: The skill runs a local Node.js script to perform organization diagnostics.
- Evidence:
node ../data360-orchestrate/scripts/diagnose-org.mjsin SKILL.md. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it reads user-provided JSON files to configure activation assets.
- Ingestion points:
target.json,activation.json, andaction.jsonin SKILL.md. - Boundary markers: Absent.
- Capability inventory: Subprocess execution via
sfCLI andnodein SKILL.md. - Sanitization: Absent.
Audit Metadata