nixos

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly instructs the agent to "Use Web Search and Perplexity as need for research and discovering resources," which requires fetching and interpreting open/public third‑party web content that can materially influence decisions and tool use.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs the agent to create and remove a file under /etc/nixos (a system directory), which is a modification of system files that typically requires root privileges and thus pushes the agent to change the machine's state.