nix-profile-manager
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (LOW): The skill allows the agent to install and execute software from arbitrary Nix flakes hosted on GitHub. While this is the primary purpose of the skill, it creates a mechanism for the agent to run untrusted code from external sources.
- Indirect Prompt Injection (LOW): The skill documentation describes how to search for and parse package metadata (JSON format) from external repositories. This creates an attack surface where malicious instructions could be embedded in package descriptions or names to influence agent behavior. (1) Ingestion points: 'nix search' output in package-search.md; (2) Boundary markers: Absent; (3) Capability inventory: 'nix profile add' and execution of installed binaries; (4) Sanitization: Absent.
- Privilege Escalation (SAFE): The skill explicitly instructs agents to manage local profiles and avoids requiring sudo or administrative access, adhering to the principle of least privilege.
- Prompt Injection (SAFE): No direct prompt injection, role-play, or system prompt extraction patterns were detected in the skill's instructions or metadata.
Audit Metadata