skills/nvidia/nurec-skills/nre/Gen Agent Trust Hub

nre

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads necessary tools and configuration files from established and verified services.
  • Fetches Docker installation scripts from get.docker.com.
  • Downloads Kubernetes tooling from k8s.io and kind.sigs.k8s.io.
  • Retrieves Go language binaries from go.dev.
  • Pulls official NVIDIA containers from nvcr.io/nvidia/nre.
  • Accesses dataset samples and models from HuggingFace.
  • [COMMAND_EXECUTION]: Extensive use of shell commands is required to orchestrate Docker containers and manage environment variables.
  • scripts/validate_setup.py executes system commands like docker info and nvidia-smi to verify hardware and software prerequisites.
  • Workflow scripts use docker run to execute various sub-commands of the NRE engine (e.g., render, train, export-mesh).
  • Subprocess calls are scoped and do not process unsanitized external input.
  • [REMOTE_CODE_EXECUTION]: Installation steps for core dependencies (Docker, Helm) involve downloading scripts from remote servers and piping them to a shell.
  • These operations target well-known domains and are standard for the setup of the tools they install.
  • [CREDENTIALS_UNSAFE]: The skill requires an NGC_API_KEY for container registry access.
  • Documentation provides security-conscious guidance, recommending the use of --password-stdin to prevent secret exposure in process tables or command history.
  • Placeholder values are used in example environment files.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 08:50 PM
Security Audit — agent-trust-hub — nre