nixomatic

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly instructs the agent to fetch and use public nixomatic.com flakes (e.g., "https://nixomatic.com/?p=...") and to consult the public package index at https://search.nixos.org/packages, which causes the agent to ingest and act on third‑party web content that can materially change runtime behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill runtime instructs nix develop to load and evaluate a remote Nix flake from URLs like "https://nixomatic.com/?p=", which is fetched and executed at runtime to produce the environment (i.e., remote code is evaluated/used), so this external URL directly controls execution.