nix-flakes
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [REMOTE_CODE_EXECUTION] (MEDIUM): The skill includes instructions to run code from remote repositories using `nix run github:numtide/treefmt`. Because the source organization (numtide) is not on the trusted list, this is considered a high-risk operation, downgraded to medium given it is the primary function of the Nix toolset.
- [COMMAND_EXECUTION] (LOW): Commands such as `nix build`, `nix run`, and `nix develop` allow for the execution of arbitrary scripts and binaries defined within a `flake.nix` file. This represents a significant attack surface if the agent is directed to operate on malicious or untrusted project files.
- [EXTERNAL_DOWNLOADS] (LOW): The skill references `github:NixOS/nixpkgs` for prefetching and project initialization. Although NixOS is a reputable project, it is not explicitly listed as a trusted GitHub organization in the security policy.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection through manipulated Nix configuration files.
  - Ingestion points: `flake.nix` and `flake.lock` files within the working directory.
  - Boundary markers: Absent. The skill does not implement delimiters or warnings to ignore embedded instructions within the Nix files.
  - Capability inventory: Capability to execute subprocesses and system commands via `nix run` and `nix develop --command`.
  - Sanitization: Absent. Nix evaluation does not sanitize strings used in command execution steps.
Audit Metadata