nocobase-env-manage
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a vulnerability surface for indirect prompt injection.
- Ingestion points: In SKILL.md and references/install-runbook.md, the agent is instructed to read external URLs provided by the user and follow the instructions within them if they are presented as official guides.
- Boundary markers: There are no instructions to use boundary markers, delimiters, or to ignore malicious instructions within the fetched external content.
- Capability inventory: The skill is granted Bash, Read, Write, Grep, and Glob tools, and can execute a wide range of nb CLI commands, including app lifecycle and CLI maintenance operations.
- Sanitization: The instructions do not specify any sanitization, validation, or escaping of the content retrieved from external URLs before the agent processes and follows it.
- [COMMAND_EXECUTION]: The skill is designed to execute administrative commands using the nb CLI.
- It manages application lifecycles via nb app (start, stop, upgrade, logs).
- It manages the CLI itself via nb self update.
- It manages installed skills via nb skills update.
- [EXTERNAL_DOWNLOADS]: The skill references the installation and update of external resources.
- It suggests installing the @nocobase/cli Node.js package from the official registry in troubleshooting scenarios.
- It performs updates of the CLI and skills via the nb tool's native update mechanisms (nb self update and nb skills update).
Audit Metadata