Skills
skills/forcedotcom/sf-skills/orchestrating-datacloud/Gen Agent Trust Hub

orchestrating-datacloud

Fail

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's setup process fetches external resources from a personal GitHub account (Jaganpro) rather than the official Salesforce (forcedotcom) or other trusted repositories. Specifically, scripts/bootstrap-plugin.sh clones https://github.com/Jaganpro/sf-cli-plugin-data360.git and references/plugin-setup.md references scripts from https://raw.githubusercontent.com/Jaganpro/sf-skills/.
  • [REMOTE_CODE_EXECUTION]: The skill facilitates the execution of remote code in two ways:
  • scripts/bootstrap-plugin.sh clones an external repository, runs yarn install and npx tsc, and then links it as a Salesforce CLI plugin using sf plugins link .. This integrates unverified code into the user's CLI environment.
  • references/plugin-setup.md explicitly instructs the user to execute a remote Python script via the dangerous pattern: curl -sSL https://raw.githubusercontent.com/Jaganpro/sf-skills/main/tools/install.py | python3 -.
  • [COMMAND_EXECUTION]: The script scripts/verify-plugin.sh contains a command injection vulnerability. It iterates through a list of commands and executes them using bash -lc "${command}". The command variable is constructed by interpolating the ${ORG} argument without sanitization (e.g., sf data360 connection connector-list -o "${ORG}"), which allows an attacker to execute arbitrary shell commands by providing a malicious org alias.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 14, 2026, 02:48 PM