Skills
skills/forcedotcom/sf-skills/harmonizing-datacloud/Gen Agent Trust Hub

harmonizing-datacloud

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes sf data360 CLI commands and a local Node.js script (diagnose-org.mjs) to manage and verify Salesforce Data Cloud configurations.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests metadata (DMO/DLO names and schemas) from external Salesforce organizations.
  • Ingestion points: Data entering via sf data360 dmo list, sf data360 identity-resolution list, and sf data360 query describe in SKILL.md.
  • Boundary markers: No markers or delimiters are used to wrap ingested data in the provided instructions.
  • Capability inventory: Shell command execution via sf CLI and execution of a local Node.js script as defined in SKILL.md.
  • Sanitization: No sanitization or validation of the external schema data is present in the skill instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 02:48 PM