nika
Pass
Audited by Gen Agent Trust Hub on Jul 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the terminal to execute the
nikaCLI tool for workflow management, execution, and auditing. This is the intended primary purpose of the skill. - [EXTERNAL_DOWNLOADS]: The documentation references installation through Homebrew (
brew install supernovae-st/tap/nika) and provides links to the official websitenika.sh. These are legitimate distribution channels for the vendor's software. - [DYNAMIC_EXECUTION]: The skill is designed to run workflows defined in
*.nika.yamlfiles. To mitigate risks associated with dynamic task execution, the instructions mandate the use ofnika checkto perform static analysis, type checking, and secret-flow detection before any workflow is executed. - [INDIRECT_PROMPT_INJECTION]: The skill processes external workflow files which may contain embedded instructions. The skill addresses this vulnerability surface by requiring boundary checks and pre-execution analysis via the
nika checkandnika explaincommands to ensure the workflow behavior is understood and safe.
Audit Metadata