nixpkgs-register

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs fetching and inspecting public GitHub repositories and releases (e.g., Phase 1 gh search commands and the package.nix templates using fetchFromGitHub, plus reading LICENSE/package-lock.json/homepage URLs), so the agent would ingest untrusted, user-generated web content that directly informs build/packaging decisions.