nocobase-env-bootstrap

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt requires collecting secrets (db_password, app_token, possibly generated tokens) and explicitly places them into command-line arguments, install/upgrade script flags, and read-after-write verification/output (including .env/compose writes and "commands executed"), forcing the LLM to include secret values verbatim in its outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's MCP runbook and client-template guidance (references/mcp-runbook.md and references/mcp-client-templates.md) explicitly instruct the agent to "switch to web lookup" and fetch official or community web pages as a fallback, which means the agent will fetch and interpret open/public third-party content (including community sources) that can change its configuration/actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's Docker compose templates reference external container images that are pulled and run at install time (for example registry.cn-shanghai.aliyuncs.com/nocobase/nocobase:latest-full), which are runtime-fetched artifacts that execute remote code and are relied on by the install flow.