nocobase-workflow-manage
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill documents an indirect prompt injection risk surface inherent in the NocoBase workflow engine's capabilities.\n- Ingestion points: Workflows ingest potentially untrusted data via Webhook triggers (references/triggers/webhook-trigger.md), Collection events (references/triggers/collection.md), and response data from HTTP request nodes (references/nodes/request.md).\n- Boundary markers: No explicit instruction delimiters or boundary markers are documented to isolate interpolated variables from surrounding logic within the workflow configuration.\n- Capability inventory: The system supports high-risk operations including direct SQL execution on the primary database (references/nodes/sql.md), arbitrary HTTP requests (references/nodes/request.md), and dynamic calculations using math.js/formula.js (references/nodes/calculation.md).\n- Sanitization: Documentation does not specify mandatory sanitization, escaping, or validation requirements for external data before it is utilized in downstream high-capability nodes.
Audit Metadata