nocobase-publish-manage
Warn
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes local commands via
nodeandspawnSyncto interact with thenocobase-ctlCLI tool for environment and plugin management tasks, including dynamic resolution of script paths on the filesystem.\n- [COMMAND_EXECUTION]: Facilitates remote command execution viasshwhen utilizing theremote_ssh_clichannel for application deployment.\n- [EXTERNAL_DOWNLOADS]: Downloads binary migration packages and application backups from remote source URLs provided as arguments to the publish action.\n- [DATA_EXFILTRATION]: Transmits API tokens to external URLs specified in the user's request; tokens are sourced from environment variables or the configuration file~/.nocobase-ctl/config.json. This behavior is consistent with the vendor's tooling for managing its own platform credentials.\n- [PROMPT_INJECTION]: Consumes unstructured text from CLI tool output and remote API responses, creating an attack surface for indirect prompt injection where malicious instructions could be embedded in data processed by the agent.\n - Ingestion points: Standard output of
nocobase-ctland JSON payloads from remote API calls.\n - Boundary markers: Absent when presenting external data to the agent for decision-making.\n
- Capability inventory: Local command execution (
spawnSync), remote command execution (ssh), file system writes (fs.writeFileSync), and network requests (fetch).\n - Sanitization: Employs
jsonSafeparsing,stripAnsifor terminal output cleaning, andshellQuotefor escaping SSH command arguments.
Audit Metadata