flox-environments

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs agents to fetch and apply remote, user-published manifests and packages from FloxHub and public package indexes (e.g., "flox activate -r owner/env-name", "[include] base.floxhub = 'myorg/python-base'", and "flox search/install"), and those remote manifests/hooks can contain arbitrary user-generated scripts that run on activation and materially change agent behavior.