reverse-engineering-firmware-analysis

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly searches for, extracts, reports, and even stores plaintext credentials and API tokens (with concrete example secrets shown and memory storage of passwords), which requires the agent to handle and output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads and processes firmware and device web interfaces from arbitrary vendor URLs and public device UIs (e.g., the example "wget http://vendor.com/..." and the firmadyne-analyzer.js "web interface detection and crawling" / "--crawl-web-interface" capability), so the agent ingests untrusted third-party content as part of its workflow.