holoscan-install-wheel
Warn
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: Instructions include the use of sudo to execute the /opt/nvidia/holoscan/examples/download_example_data command for downloading example data files. It also uses python3 -c to perform inline string replacements in configuration files and sets system resource limits with ulimit.
- [REMOTE_CODE_EXECUTION]: The skill downloads Python scripts such as hello_world.py and video_replayer.py from the nvidia-holoscan GitHub repository and executes them locally using the python3 interpreter. These scripts are fetched using a URL that incorporates a dynamically determined version tag.
- [PROMPT_INJECTION]: The skill instructs the agent in Step 0 to fetch and prioritize installation instructions from an external documentation page (docs.nvidia.com) over its own instructions, creating a surface for indirect prompt injection.
- Ingestion points: External installation guide URL at docs.nvidia.com.
- Boundary markers: Absent; external documentation is explicitly given precedence if conflicting.
- Capability inventory: Shell command execution, sudo access, and file system modification capabilities.
- Sanitization: Absent; the skill does not specify validation or sanitization of content from the external documentation source.
- [EXTERNAL_DOWNLOADS]: Fetches example scripts, configuration files, and documentation updates from remote sources including docs.nvidia.com and raw.githubusercontent.com.
- [DATA_EXFILTRATION]: Performs network operations to interact with external NVIDIA servers and PyPI for package installation and resource fetching, which involves requests to domains outside the standard whitelist.
Audit Metadata