direnv
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides instructions for installing the utility using a piped bash script from 'https://direnv.net/install.sh'. This is the official installation method for the software.\n- [EXTERNAL_DOWNLOADS]: Fetches installation scripts and configuration templates from official and community-recognized sources, including 'direnv.net' and GitHub repositories for 'nix-community'.\n- [COMMAND_EXECUTION]: Instructs the user or agent to use elevated privileges ('sudo') for system package management and to modify shell initialization files (e.g., '.zshrc', '.bashrc') to install shell hooks. It also demonstrates the use of 'eval' for dynamic environment loading.\n- [PROMPT_INJECTION]: The skill describes functionality for processing directory-specific configuration files ('.envrc', '.env'), which constitutes an indirect prompt injection surface.\n
- Ingestion points: Processes '.envrc' and '.env' files from project directories as documented in 'SKILL.md' and 'references/stdlib-functions.md'.\n
- Boundary markers: Emphasizes the 'direnv allow' security model, which prevents execution of configuration files until explicitly authorized by the user in 'SKILL.md'.\n
- Capability inventory: Involves shell command execution, environment variable modification, and potential network access via standard library functions like 'source_url' as seen in 'SKILL.md' and 'references/stdlib-functions.md'.\n
- Sanitization: Recommends the use of cryptographic hashes (SHA256) for integrity verification when loading remote scripts in 'references/stdlib-functions.md'.
Audit Metadata