nix-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow and resources explicitly fetch and incorporate public third-party artifacts (e.g., assets/apm.nix uses fetchurl to download apm releases from GitHub, setup_nix.sh downloads Nix tarballs from releases.nixos.org, and several flake shellHooks run commands like opam pin add git+https://github.com/... or moon update) and those artifacts (notably the Agent Package Manager "apm" and registry pins) can supply agent configuration or code that the agent would use and which could materially change its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The apm derivation in assets/apm.nix fetches and installs a prebuilt native apm binary at runtime from GitHub releases (https://github.com/microsoft/apm/releases/download/v${version}/apm-${srcInfo.suffix}.tar.gz), and that binary is a required dependency included in every template which can manage/distribute agent prompts and execute code, so this is a high-confidence runtime external dependency that can control agent behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly instructs system-level changes (writing /etc/nix/nix.conf, placing /etc/profile.d/nix.sh, and running a curl|sh installer) that modify system files and likely require root/sudo, so it can compromise the machine state.