bk-cli-nodeman
Pass
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes the
bk-cli nodemancommand-line utility to perform administrative actions such as installing agents and fetching job details. - [CREDENTIALS_UNSAFE]: The
install_jobcommand pattern involves passing a JSON object containing apasswordfield as a command-line argument. This is a potential security risk as sensitive credentials may be visible in process listings or shell history during execution. - [PROMPT_INJECTION]: The skill uses the 'CRITICAL' keyword to emphasize documentation dependencies ('MUST 先用 Read 工具读取'). This is evaluated as a benign instructional pattern for developer workflow and not a malicious bypass attempt.
Audit Metadata