aiq-deploy

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill clones the official NVIDIA AI-Q Blueprint repository from GitHub (github.com/NVIDIA-AI-Blueprints/aiq). This is a well-known and trusted source for this product.
  • [REMOTE_CODE_EXECUTION]: The skill executes several scripts found within the cloned repository (e.g., ./scripts/start_as_skill.sh, ./scripts/start_e2e.sh) to initialize the backend and UI. These are standard entry points for the application and originate from a trusted source.
  • [COMMAND_EXECUTION]: The skill uses local tools including docker compose, curl, kubectl, and helm to deploy, validate, and manage services. These operations are performed in the context of the requested deployment workflow.
  • [DATA_EXFILTRATION]: The skill manages environment variables in a local deploy/.env file. It includes specific Python helper scripts and instructions to verify the presence of API keys without disclosing their values in the agent's output, adhering to safe secret management practices.
  • [SAFE]: Indirect Prompt Injection Surface.
  • Ingestion points: User-provided deployment mode selections and custom server URLs.
  • Boundary markers: None explicitly defined in the prompts, but inputs are logically constrained by the operational workflow.
  • Capability inventory: The skill has access to the Bash tool to execute shell commands and Read to inspect files.
  • Sanitization: The skill uses standard repository checks (e.g., git check-ignore) and conditional logic to prevent accidental overwriting of user secrets.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 12, 2026, 11:35 PM
Security Audit — agent-trust-hub — aiq-deploy