jetson-download-bsp

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches official Jetson Linux BSP images, sample root filesystems, and development tools from NVIDIA's developer portal (developer.nvidia.com).
  • [COMMAND_EXECUTION]: Employs standard shell utilities including curl for network fetches, mkdir for directory structure creation, mv for file management, df for disk space verification, and file with grep for archive format validation.
  • [PROMPT_INJECTION]: The skill processes release data and download links from NVIDIA's web archive.
  • Ingestion points: External web content from developer.nvidia.com used to identify concrete release tokens and artifact URLs (SKILL.md).
  • Boundary markers: Not explicitly implemented, but the skill requires concrete release tokens matching the official page and forbids synthesized URLs.
  • Capability inventory: Shell command execution via curl, mkdir, mv, df, and file (SKILL.md).
  • Sanitization: Implements 3-attempt discovery retries and requires explicit user confirmation for incompatible release overrides or manual browser-based downloads.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 08:45 PM
Security Audit — agent-trust-hub — jetson-download-bsp