CVE
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes high-privilege system commands including 'nixos-rebuild', 'vulnix', and 'nix' to perform security audits and apply configuration changes. These administrative operations are required for the skill's primary purpose of system maintenance.
- [EXTERNAL_DOWNLOADS]: The skill fetches vulnerability data from the National Vulnerability Database (NVD) and downloads patch files from GitHub repositories. These are well-known technology and government services.
- [REMOTE_CODE_EXECUTION]: The skill downloads patch files from remote GitHub URLs and applies them to the NixOS configuration using the 'patch' utility. This modifies source code that is subsequently built and executed during 'nixos-rebuild'. The workflow includes manual verification steps and dry-runs to mitigate risk.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external websites.
  - Ingestion points: CVE descriptions from 'nvd.nist.gov' and commit data from GitHub are read via 'WebFetch' and search tools ('IdentifyCVE.md', 'ResolveCVE.md').
  - Boundary markers: None identified. Instructions do not specify delimiters to separate external data from agent logic.
  - Capability inventory: The agent has the ability to execute system-wide configuration changes via 'nixos-rebuild switch' and fetch arbitrary files via 'curl' and 'WebFetch' ('ResolveCVE.md', 'IdentifyCVE.md').
  - Sanitization: None identified. Data from external sources is parsed and presented to the user or used to inform patching decisions without explicit sanitization or filtering of potential embedded instructions.
Audit Metadata