nixos-btw
Warn
Audited by Snyk on May 6, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly runs and updates remote flakes and tools from public GitHub and other registries (e.g., "nix run github:nix-community/disko", flake inputs like "github:NixOS/nixpkgs...", and "nix flake update") as part of normal operation, meaning it fetches and evaluates untrusted public third-party content that can materially change commands and activation behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs runtime commands that fetch and execute remote flakes (e.g., "nix run github:nix-community/disko" / https://github.com/nix-community/disko and "nix run github:nix-community/nixos-anywhere" / https://github.com/nix-community/nixos-anywhere), which pulls and runs remote code during skill execution, so these are runtime external dependencies that execute remote code.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs system-level administration (nixos-rebuild, nixos-install, editing /etc/nixos, disk/partitioning with disko, GC, kernel changes, home-manager/darwin-rebuild, etc.), i.e. privileged commands that modify system files and state and therefore can change or compromise the machine.
Issues (3)
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
W013 (MEDIUM): Attempt to modify system services in skill instructions.
Audit Metadata