awawausb-webusb-firefox

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's "Using WebUSB in Web Pages" section shows it exposes navigator.usb to web pages, meaning arbitrary/untrusted third-party webpages can call the API and thereby direct the extension/native stub to perform USB operations, which can materially influence tool actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). Yes — the skill includes instructions that modify system-wide state (writing manifests to /usr/lib or /Library paths, editing /etc/udev/rules.d, running sudo apt install and udevadm with sudo, and registry edits on Windows), which require elevated privileges and can change the machine's configuration.