data360-segment
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various `sf` (Salesforce CLI) commands to list, create, publish, and query Data Cloud segments and calculated insights. It also executes a local diagnostic script using Node.js.
- [EXTERNAL_DOWNLOADS]: The skill requires the `sf data360` CLI plugin. While this is an external dependency, it is a standard component of the Salesforce development ecosystem for Data Cloud.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data, specifically Data Cloud SQL queries and segment JSON definitions.
  - Ingestion points: Data Cloud segment definitions (`segment.json`) and calculated insight definitions (`ci.json`) read during creation tasks.
  - Boundary markers: None identified in the instructions to delimit user-provided SQL or JSON from agent instructions.
  - Capability inventory: The skill has the capability to execute shell commands via the `sf` CLI and `node`, and it can perform queries against the Data Cloud instance.
  - Sanitization: There is no mention of sanitizing or validating the SQL or JSON content before processing.
Audit Metadata