provision-nixos-server

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 1.00). This URL is a personal GitHub .keys endpoint (plain-text SSH public keys) — while not an executable, curling it into ~/.ssh/authorized_keys would grant that account direct SSH access to the machine, so using it unverified is a high-risk backdoor vector.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches public, user-controlled content (e.g., Step 3's curl of https://github.com/fred-drake.keys and pulling images/metadata from docker.io via the container fetch/update steps) as a required part of the provisioning workflow, and those third-party artifacts can directly change access or runtime behavior of deployed systems.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill instructs running privileged operations (pct create, colmena apply), modifying system/SSH configuration, and copying private infrastructure keys to provision hosts—actions that change machine state and require elevated privileges, so it should be flagged.