nocobase-plugin-development

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses official NocoBase CLI tools (yarn pm create, yarn pm enable, yarn build) for legitimate development workflows. These commands are scope-restricted to the plugin development process.
  • [COMMAND_EXECUTION]: A critical safety gate is included for the 'yarn nocobase install -f' command, noting that it resets the database and requires explicit user confirmation.
  • [EXTERNAL_DOWNLOADS]: The skill references official NocoBase documentation at docs.nocobase.com and source code examples from the official nocobase/nocobase GitHub repository. These are verified vendor-controlled resources.
  • [PROMPT_INJECTION]: Although the skill accepts natural language requirements, it mandates a 'Plan Confirmation' step (Step 2) that acts as a human-in-the-loop control before any code generation or command execution occurs.
  • [CREDENTIALS_UNSAFE]: Code templates provided for collections and API handlers do not contain hardcoded secrets and encourage standard practices for managing configuration.
Audit Metadata
Risk Level: SAFE
Analyzed: May 6, 2026, 07:30 PM