devcontainers-nix
Warn
Audited by Snyk on Mar 27, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill includes commands that fetch and execute remote install scripts/binaries at runtime (e.g., curl -fsSL https://get.opentofu.org/install-opentofu.sh | sh, curl -fsSL https://get.jetify.com/devbox | bash, and downloads from https://dl.k8s.io/...), so these URLs are used during setup and execute remote code as required dependencies.
Issues (1)
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata