nix
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill utilizes
nix-prefetch-urlto download content from arbitrary URLs and uses thenixcommand to fetch packages from the Nix ecosystem. These are standard operations for a package manager. - [REMOTE_CODE_EXECUTION] (LOW): Commands like
nix runandnix shellfacilitate the execution of code downloaded from remote repositories. While this constitutes high-privilege capability, it is the primary intended use case for Nix and is generally considered acceptable in the context of development tools. - [COMMAND_EXECUTION] (LOW): The skill provides explicit methods for executing arbitrary commands within defined environments (e.g.,
nix shell --command). - [Indirect Prompt Injection] (LOW): The skill has a vulnerability surface for indirect prompt injection because it processes external data without specific sanitization.
- Ingestion points: Untrusted data enters the context through
nix eval --file ./default.nixandnix-prefetch-url. - Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within ingested files or remote content.
- Capability inventory: The skill possesses powerful capabilities including
nix run(code execution),nix eval(dynamic evaluation), and network access viacurl. - Sanitization: No sanitization or validation logic is present to inspect the content of Nix expressions or fetched sources before processing.
Audit Metadata