holoscan-install-conda

Fail

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: Downloads a Miniforge installation script from the well-known conda-forge GitHub repository and executes it via bash to establish the Conda environment.
  • [EXTERNAL_DOWNLOADS]: Fetches example Python scripts and YAML configurations from the official NVIDIA Holoscan GitHub repository to verify the SDK installation.
  • [COMMAND_EXECUTION]: Executes system diagnostics like nvidia-smi and runtime configurations such as ulimit. It also instructs the agent to suggest or perform modifications to shell configuration files (e.g., .bashrc) to persist the Conda environment setup across sessions.
  • [PROMPT_INJECTION]: The skill directs the agent to retrieve instructions from an external documentation site (docs.nvidia.com) and explicitly states that instructions from that site should take precedence over the skill's own content. This creates a surface for indirect prompt injection if the external documentation content is modified.
  • Ingestion points: The Holoscan SDK installation guide at docs.nvidia.com referenced in Step 0 of SKILL.md.
  • Boundary markers: Absent; there are no specific delimiters to isolate the external instructions from the agent's core logic.
  • Capability inventory: The skill has the capability to execute shell commands, manage Conda environments, and write files in the local workspace.
  • Sanitization: Absent; the agent is instructed to follow the external content without prior validation or filtering.
Recommendations
  • HIGH: Downloads and executes remote code from: https://github.com/conda-forge/miniforge/releases/latest/download/Miniforge3-Linux-x86_64.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 18, 2026, 04:34 PM
Security Audit — agent-trust-hub — holoscan-install-conda