nocobase-env-manage
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill is primarily designed to execute shell commands using the `nb` CLI. It manages the full lifecycle of NocoBase applications, including installation (`nb init --ui`), upgrades, and process management.
- [CREDENTIALS_UNSAFE]: The instructions direct the agent to handle sensitive authentication tokens (`app_token`) and pass them as cleartext command-line arguments (`--access-token <token>`) when adding new environments. This practice can expose credentials in process lists or shell history.
- [PROMPT_INJECTION]: The skill includes instructions that may influence the agent to prompt users to bypass security controls. Specifically, it directs the agent to ask the user to "elevate" or open URLs "outside the sandbox" if the environment restricts browser access. This encourages the circumvention of platform security boundaries.
- [EXTERNAL_DOWNLOADS]: The troubleshooting documentation suggests installing the vendor's CLI tool using `npm i -g @nocobase/cli` if it is missing from the environment.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through tool outputs.
  - Ingestion points: The agent parses the output of `nb env list` to identify the active environment and determine its next steps (documented in `SKILL.md`).
  - Boundary markers: There are no instructions or delimiters defined to ensure the agent ignores potentially malicious content embedded in the CLI output.
  - Capability inventory: The agent has access to powerful tools including `Bash` and file system operations (`Read`, `Write`).
  - Sanitization: The skill does not implement validation or sanitization of the CLI output before using it to derive environment names for subsequent destructive commands like `upgrade` or `remove`.
Audit Metadata