nocobase-install-start
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to perform software installation and initialization of the NocoBase environment. It is designed to execute commands on behalf of the user based on provided parameters.
- [EXTERNAL_DOWNLOADS]: The skill references the 'create-nocobase-app' utility and fetches configuration and documentation from official vendor domains (v2.docs.nocobase.com). These resources originate from the skill's authoring organization.
- [PROMPT_INJECTION]: The skill processes user-supplied data like directory paths and database connection details to construct shell commands. This represents an indirect prompt injection surface.
  - Ingestion points: Target installation directory and database configuration provided by the user in SKILL.md.
  - Boundary markers: The workflow includes 'Mandatory Clarification' and 'Doc-Read' gates that require agent/user interaction before execution.
  - Capability inventory: Use of the Bash tool for system-level execution and WebFetch for remote content retrieval.
  - Sanitization: The instructions do not explicitly mandate that the agent sanitize or escape user-provided strings before including them in shell command lines.