telnetshell
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.90). These URLs include a direct shell script from an untrusted domain (http://attacker.com/shell.sh), a clear high-risk executable download vector, plus a device-hosted firmware binary (http://device_ip:8000/rootfs.bin) that could legitimately be a firmware dump but can also deliver malicious firmware. The busybox.net links are official and low-risk. Because of the untrusted .sh and binary download vectors, the set is suspicious overall.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The content contains explicit, high-risk post-exploitation and exfiltration instructions (e.g., dd|nc to attacker, serving firmware via httpd, cat /etc/shadow, adding SSH keys, modifying init scripts to add backdoors, commands to remove traces). These enable credential theft, persistence/backdoors, and data exfiltration, making the content malicious/dual-use and high risk if misused.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's telnet_helper.py connects to arbitrary hosts specified via --host and executes/reads shell output (logged to /tmp/telnet_session.log and returned/parsed by the tool), so it directly ingests untrusted, third-party device output that could contain injected instructions.