nocobase-swagger-fetch
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/get-swagger.sh invokes a local script nocobase-api.sh from a related skill directory. This execution is part of the intended inter-skill communication within the NocoBase ecosystem and uses proper quoting to handle arguments.
- [EXTERNAL_DOWNLOADS]: The skill performs an API request to a NocoBase endpoint to retrieve documentation. This is the core functionality of the skill and targets vendor-owned infrastructure.
- [PROMPT_INJECTION]: The skill ingests Swagger/OpenAPI data from a remote API (ingestion point: scripts/get-swagger.sh). While no explicit boundary markers or sanitization are present, the workflow involves discovery and request construction, presenting low risk of automated instruction execution.
Audit Metadata