nocobase-acl-manage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly runs the skill-local CLI wrapper (scripts/run-ctl.mjs) to call runtime commands (e.g., acl roles data-sources-collections list, roles_data_source_resources_get, available-actions list, swagger via env update) against a configured NocoBase environment to fetch collection metadata, fields, scopes and role/resource records (see SKILL.md Workflow/Step 2 and the intent-to-tool-map and independent-permissions references), and those runtime reads are required inputs used to resolve collections/actions/fields/scopes and to assemble CLI payloads — meaning untrusted/user-provided runtime content from external NocoBase instances can directly influence tool use and next actions.