IoTNet

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests and analyzes PCAP files and live network captures (see "PCAP Analysis (Offline)" and "Live Capture" and examples like "iotnet /path/to/capture.pcap" and "sudo iotnet -i wlan0 -d 60"), meaning it reads arbitrary/untrusted third‑party network payloads as part of its workflow and those payloads can influence analysis results and recommendations, creating a pathway for indirect prompt injection.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (low risk: 0.30). The skill explicitly instructs running live captures with sudo (encouraging privileged operations on the host) but does not direct the agent to escalate itself, modify system files, or create user accounts, so it poses a low but nonzero risk.