Security audit
SF Plugin Core Assets Test
Security checks across malware telemetry and agentic risk
Overview
Prompt-injection indicators were detected in the submitted artifacts (you-are-now); human review is required before treating this skill as clean.
This appears safe to install as a Salesforce template/documentation bundle, but use care with sub-skills that touch a real Salesforce org. Review generated code and metadata before applying it, prefer sandboxes for testing, and keep OAuth secrets and refresh tokens out of prompts, logs, and shared files. ClawScan detected prompt-injection indicators (you-are-now), so this skill requires review even though the model response was benign.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Static analysis
No suspicious patterns detected.
