nix

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes numerous examples that fetch and evaluate public, user-provided sources (e.g., inputs.url = "github:...", builtins.fetchurl/fetchFromGitHub, and commands like "nix develop github:owner/repo" / "nix shell github:..."), so it clearly ingests untrusted third‑party web content (GitHub/URLs) as part of its workflow.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly includes and instructs use of sudo commands (e.g., sudo nixos-rebuild, sudo nix-collect-garbage -d) and shows how to modify system-level NixOS/darwin configurations and services, which directs the agent to perform privileged, state-changing operations on the machine.