zigbee2mqtt

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's configuration explicitly states Zigbee2MQTT will fetch OTA metadata from a public third-party source ("Z2M fetches from github.com/Koenkk/zigbee-OTA" in references/configuration.yaml.annotated), meaning it ingests untrusted public content that can influence update behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The prompt includes explicit privileged operations (e.g., "sudo systemctl restart", "sudo usermod -aG dialout $USER") and other instructions that change system state (service management, user/group changes, device access), so it encourages actions requiring elevation and modifying the host.