nix-flake

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows and instructs using remote, public flakes (e.g., inputs like "github:nixos/nixpkgs/..." and the example "nix run github:numtide/treefmt"), which causes the agent to fetch and read/execute untrusted third-party code/content from public GitHub sources as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill includes runtime flake references (github:numtide/treefmt and github:nixos/nixpkgs/nixos-unstable) that nix will fetch and execute (e.g., via nix run or as a flake input), so external content can execute code on the host and affect behavior.