data360-orchestrate
Warn
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script
scripts/bootstrap-plugin.shis designed to clone a community-developed Salesforce CLI plugin from an external repository:https://github.com/Jaganpro/sf-cli-plugin-data360.git. Additionally, documentation inreferences/plugin-setup.mdsuggests downloading an installer script fromhttps://raw.githubusercontent.com/Jaganpro/sf-skills/main/tools/install.py. These resources originate from a source that is not verified as part of the skill author's infrastructure. - [COMMAND_EXECUTION]: The skill relies on several scripts that execute system commands. Specifically,
scripts/bootstrap-plugin.shperforms automated installation tasks includingyarn installandsf plugins link ., which execute code from the downloaded external repository. The scriptscripts/diagnose-org.mjsutilizesnode:child_processto run various Salesforce CLI commands with arguments derived from user input.
Audit Metadata