nim-operator-install

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill performs legitimate cluster management operations as described in its documentation. No malicious patterns, obfuscation, or unauthorized data exfiltration were detected.
  • [COMMAND_EXECUTION]: The skill uses standard CLI tools (kubectl, helm) to interact with the Kubernetes cluster. These operations are restricted to discovery and deployment tasks consistent with the skill's purpose. The instructions explicitly mandate user confirmation for all mutating commands.
  • [EXTERNAL_DOWNLOADS]: The skill references the official NVIDIA Helm repository at https://helm.ngc.nvidia.com/nvidia. As this is a well-known service belonging to the vendor (NVIDIA), it is considered a safe source for fetching deployment charts.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests data from the Kubernetes environment (e.g., node list, pod status, and CRD presence) using discovery commands. While this data could theoretically be manipulated by a malicious actor already present in the cluster to influence the agent, the skill mitigates this risk by requiring the user to review and approve all subsequent installation or upgrade commands.
    • Ingestion points: Cluster discovery commands in SKILL.md and scripts/validate-nim-operator-install.sh (e.g., kubectl get nodes, helm status).
    • Boundary markers: The 'Safety Contract' in SKILL.md serves as a procedural boundary by requiring user review before any action.
    • Capability inventory: Resource modification via helm upgrade --install and kubectl apply in SKILL.md.
    • Sanitization: Standard CLI command construction with user review checkpoints.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 20, 2026, 01:46 AM