data360-connect

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using the Salesforce CLI (sf data360) and a local utility script (node ../data360-orchestrate/scripts/diagnose-org.mjs). These operations are consistent with the skill's purpose of infrastructure management and use vendor-specific tooling.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection attack surface by processing metadata from external source systems.
  • Ingestion points: Metadata is retrieved via commands like sf data360 connection objects and sf data360 connection fields as specified in the SKILL.md workflow.
  • Boundary markers: There are no explicit instructions or delimiters provided to ensure the agent ignores potential instructions embedded in the external metadata.
  • Capability inventory: The agent has the capability to execute shell commands and interact with Salesforce orgs, which could be abused if malicious metadata is processed and followed as instructions.
  • Sanitization: The skill documentation does not outline any sanitization or validation steps for data retrieved from external connectors before it enters the agent's context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 01:15 PM
Security Audit — agent-trust-hub — data360-connect