hsb-setup
Warn
Audited by Snyk on Jun 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). High likelihood: the skill clones a public GitHub repo at runtime and then reads free-form prose files from it (e.g.,
docs/user_guide/*,README.md,docs/failure-playbook.md) into the agent’s LLM context, which is outsider-authored content and can contain indirect prompt-injection payloads.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly clones and uses the remote repository https://github.com/nvidia-holoscan/holoscan-sensor-bridge.git at runtime (git clone / git pull) and then runs build/run scripts and reads docs from that checkout, so fetched content can execute code and influence the agent's runtime behavior.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs the agent to perform privileged, state-changing operations on a remote/devkit (uses REMOTE_SUDO, network and Docker setup, container builds/runs, persisting HSB_PLATFORM, and may invoke flashing), so it pushes the agent to modify the machine state and requires sudo-level actions.
Issues (3)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata