nocobase-data-modeling

Warn

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute local scripts (get-swagger.sh and nocobase-api.sh) with parameters derived directly from user input. Specifically, the <METHOD>, <ENDPOINT>, and [JSON_OR_FILE] arguments are passed to shell commands. This dynamic assembly of commands without visible sanitization or escaping could allow for command injection if an attacker provides inputs containing shell metacharacters like semicolons, pipes, or backticks.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection, which could lead to unauthorized actions if the agent processes malicious instructions embedded in external data.
    • Ingestion points: User-provided strings for collection names, operations, and JSON payloads, as well as the content of Swagger/OpenAPI specifications fetched via get-swagger.sh from the NocoBase server.
    • Boundary markers: None. The workflow does not utilize delimiters or specific instructions to the agent to disregard embedded directives within the processed data.
    • Capability inventory: The skill possesses Bash execution privileges to interact with the system and Read access to local files.
    • Sanitization: None. There is no evidence of validation, filtering, or escaping of inputs before they are interpolated into execution strings or used to drive agent logic.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 4, 2026, 01:03 PM