package-npm-nix

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and inspects public npm tarballs (https://registry.npmjs.org/...) and GitHub source archives (fetchFromGitHub), and directs the agent to read package.json, dist/src contents and lockfiles (bun.lock), which are untrusted, user-provided third‑party content the agent must parse and act on.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Nix derivations fetch and unpack remote source tarballs at build time (e.g. https://registry.npmjs.org/pkg/-/pkg-1.0.0.tgz and https://github.com/org/repo/archive/v1.0.0.tar.gz) and then run build steps like bun install / bun run build, so external code fetched from those URLs is required and will be executed during the build.