iot-security

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly accepts external firmware URLs in "API for safe OTA updates" (PUT /api/iot/ota-update with a firmwareUrl) which means the agent/service will fetch and act on untrusted third-party binaries that can materially change device behavior.