holoscan-install-wheel

Warn

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: Instructions include the use of sudo to execute the /opt/nvidia/holoscan/examples/download_example_data command for downloading example data files. It also uses python3 -c to perform inline string replacements in configuration files and sets system resource limits with ulimit.
  • [REMOTE_CODE_EXECUTION]: The skill downloads Python scripts such as hello_world.py and video_replayer.py from the nvidia-holoscan GitHub repository and executes them locally using the python3 interpreter. These scripts are fetched using a URL that incorporates a dynamically determined version tag.
  • [PROMPT_INJECTION]: The skill instructs the agent in Step 0 to fetch and prioritize installation instructions from an external documentation page (docs.nvidia.com) over its own instructions, creating a surface for indirect prompt injection.
  • Ingestion points: External installation guide URL at docs.nvidia.com.
  • Boundary markers: Absent; external documentation is explicitly given precedence if conflicting.
  • Capability inventory: Shell command execution, sudo access, and file system modification capabilities.
  • Sanitization: Absent; the skill does not specify validation or sanitization of content from the external documentation source.
  • [EXTERNAL_DOWNLOADS]: Fetches example scripts, configuration files, and documentation updates from remote sources including docs.nvidia.com and raw.githubusercontent.com.
  • [DATA_EXFILTRATION]: Performs network operations to interact with external NVIDIA servers and PyPI for package installation and resource fetching, which involves requests to domains outside the standard whitelist.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 18, 2026, 04:34 PM
Security Audit — agent-trust-hub — holoscan-install-wheel