nix-packaging-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly instructs fetching and testing remote archives (e.g., rules/source-files.md shows using fetchurl with "https://.../myapp-${version}..." and rules/quick-testing.md shows wget to download binaries to test), which means the agent would ingest untrusted, public third‑party content whose contents can change packaging decisions and subsequent tool actions.