data360-connect
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using the Salesforce CLI (
sf data360) and a local utility script (node ../data360-orchestrate/scripts/diagnose-org.mjs). These operations are consistent with the skill's purpose of infrastructure management and use vendor-specific tooling. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection attack surface by processing metadata from external source systems.
- Ingestion points: Metadata is retrieved via commands like
sf data360 connection objectsandsf data360 connection fieldsas specified in theSKILL.mdworkflow. - Boundary markers: There are no explicit instructions or delimiters provided to ensure the agent ignores potential instructions embedded in the external metadata.
- Capability inventory: The agent has the capability to execute shell commands and interact with Salesforce orgs, which could be abused if malicious metadata is processed and followed as instructions.
- Sanitization: The skill documentation does not outline any sanitization or validation steps for data retrieved from external connectors before it enters the agent's context.
Audit Metadata