nocobase-plugin-manage

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run nb plugin commands. User-supplied variables, including plugins, runtime_env_name, and base_dir, are interpolated directly into shell command templates. Without explicit sanitization or escaping of shell metacharacters in the instructions, this creates a potential for command injection.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it ingests untrusted data that influences the execution of powerful tools.
      • Ingestion points: User-provided inputs for plugins, runtime_env_name, and base_dir defined in the Input Contract of SKILL.md.
      • Boundary markers: None identified. There are no instructions to the agent to treat these inputs as literal strings or to ignore embedded instructions.
      • Capability inventory: The skill has access to the Bash tool (used in SKILL.md and references/v1-runtime-contract.md) and the Write tool.
      • Sanitization: The skill instructions do not specify any sanitization, validation, or escaping logic for the user-supplied strings before they are passed to the Bash tool.
Audit Metadata
Risk Level
SAFE
Analyzed
May 1, 2026, 08:37 AM
Security Audit — agent-trust-hub — nocobase-plugin-manage