nocobase-plugin-manage
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell commands and Docker CLI for administrative tasks. A helper script dynamically resolves and executes the vendor management CLI from the environment or local filesystem, which is standard for project-specific tooling.
- [DATA_EXFILTRATION]: Remote API operations utilize tokens stored in environment variables. The skill instructions mandate the redaction of these tokens from logs and output, and explicitly prohibit the storage of secrets within the skill own files.
- [PROMPT_INJECTION]: To mitigate risks from processing external data, the skill employs deterministic boundary markers for parsing CLI output. This ensures that the agent correctly interprets plugin metadata as JSON data rather than instructions.
Audit Metadata