jetson-download-bsp
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches official Jetson Linux BSP images, sample root filesystems, and development tools from NVIDIA's developer portal (developer.nvidia.com).
- [COMMAND_EXECUTION]: Employs standard shell utilities including
curlfor network fetches,mkdirfor directory structure creation,mvfor file management,dffor disk space verification, andfilewithgrepfor archive format validation. - [PROMPT_INJECTION]: The skill processes release data and download links from NVIDIA's web archive.
- Ingestion points: External web content from developer.nvidia.com used to identify concrete release tokens and artifact URLs (SKILL.md).
- Boundary markers: Not explicitly implemented, but the skill requires concrete release tokens matching the official page and forbids synthesized URLs.
- Capability inventory: Shell command execution via
curl,mkdir,mv,df, andfile(SKILL.md). - Sanitization: Implements 3-attempt discovery retries and requires explicit user confirmation for incompatible release overrides or manual browser-based downloads.
Audit Metadata