nix-rebuild

Warn

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The skill uses sudo to execute darwin-rebuild switch. This command modifies the system configuration and Nix store symlinks. The documentation mentions a NOPASSWD sudoers rule, confirming the agent can elevate privileges non-interactively to perform system-wide changes.
  • Indirect Prompt Injection (LOW):
      • Ingestion points: Reads and applies configuration from ~/.config/dotfiles/.
      • Boundary markers: None.
      • Capability inventory: System-wide modification via darwin-rebuild and sudo.
      • Sanitization: None; changes in the dotfiles repository are applied directly to the system. This creates a risk surface where malicious configurations could be applied if an attacker gains write access to the specified directory.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Feb 20, 2026, 06:03 AM