picocom

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.90). The set includes a direct shell script URL from an untrusted/suspicious domain (http://attacker.com/shell.sh) and local API endpoints that can trigger device actions, even though other links point to legitimate documentation — the presence of a direct .sh on an attacker-sounding domain makes this collection high risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This content includes explicit, actionable instructions and code that enable credential theft, data exfiltration (e.g., nc to attacker), bootloader exploitation, and persistent backdoor installation (adding root users, SSH keys, reverse shells), so it poses a high risk despite dual-use pentesting context.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill explicitly instructs creating backdoor users, modifying /etc/passwd and startup scripts, starting services, and changing bootloader/firmware—which are direct instructions to modify system state (compromising the machine being controlled via the agent) and thus push the agent to perform state-changing, privileged actions.

Audit Metadata

  • Risk Level: CRITICAL
  • Analyzed: Feb 16, 2026, 01:21 AM