nocobase-env-bootstrap
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs extensive system administration by invoking
docker,yarn,git, and database CLI clients (psql,mysql). These commands are necessary for the skill's primary function of environment provisioning and lifecycle management. - [EXTERNAL_DOWNLOADS]: Fetches deployment artifacts and Docker images from official NocoBase infrastructure, including its Docker registry on Aliyun and its repository on GitHub. These are verified vendor-owned sources.
- [PROMPT_INJECTION]: The diagnostic functionality creates a surface for indirect prompt injection (Category 8) by reading external data sources into the agent's context.
- Ingestion points:
scripts/collect-diagnostics.shandscripts/collect-diagnostics.ps1capture Docker container logs and parse.envfiles. - Boundary markers: No specific delimiters are used to wrap the captured log data in the diagnostic output.
- Capability inventory: The skill possesses significant capabilities including arbitrary shell command execution (
Bashtool) and file system modification (Writetool). - Sanitization: The skill explicitly filters environment variables to avoid exposing secrets like
DB_PASSWORDin diagnostics, though container logs are not filtered for potentially malicious instructions. - [COMMAND_EXECUTION]: Employs a dynamic resolution pattern in
scripts/run-ctl.mjsto locate and execute the application's CLI entrypoint (run.js). The script traverses the directory hierarchy to find a local installation and falls back to global binaries, which is a standard pattern for developer tooling wrappers.
Audit Metadata