data360-segment

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various sf (Salesforce CLI) commands to list, create, publish, and query Data Cloud segments and calculated insights. It also executes a local diagnostic script using Node.js.
  • [EXTERNAL_DOWNLOADS]: The skill requires the sf data360 CLI plugin. While this is an external dependency, it is a standard component of the Salesforce development ecosystem for Data Cloud.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data, specifically Data Cloud SQL queries and segment JSON definitions.
  • Ingestion points: Data Cloud segment definitions (segment.json) and calculated insight definitions (ci.json) read during creation tasks.
  • Boundary markers: None identified in the instructions to delimit user-provided SQL or JSON from agent instructions.
  • Capability inventory: The skill has the capability to execute shell commands via the sf CLI and node, and it can perform queries against the Data Cloud instance.
  • Sanitization: There is no mention of sanitizing or validating the SQL or JSON content before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 01:15 PM
Security Audit — agent-trust-hub — data360-segment