skills/supernovae-st/nika-agents/nika/Gen Agent Trust Hub

nika

Pass

Audited by Gen Agent Trust Hub on Jul 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the terminal to execute the nika CLI tool for workflow management, execution, and auditing. This is the intended primary purpose of the skill.
  • [EXTERNAL_DOWNLOADS]: The documentation references installation through Homebrew (brew install supernovae-st/tap/nika) and provides links to the official website nika.sh. These are legitimate distribution channels for the vendor's software.
  • [DYNAMIC_EXECUTION]: The skill is designed to run workflows defined in *.nika.yaml files. To mitigate risks associated with dynamic task execution, the instructions mandate the use of nika check to perform static analysis, type checking, and secret-flow detection before any workflow is executed.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external workflow files which may contain embedded instructions. The skill addresses this vulnerability surface by requiring boundary checks and pre-execution analysis via the nika check and nika explain commands to ensure the workflow behavior is understood and safe.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 9, 2026, 09:48 PM
Security Audit — agent-trust-hub — nika