performing-firmware-malware-analysis

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to search for and include hardcoded credentials, authorized_keys contents, password entries, and extracted IOCs (e.g., full SSH keys, C2 IPs/ports, hashes) in its report, which requires the LLM to output secret/credential values verbatim.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt explicitly instructs running privileged operations (sudo mount/chroot, copying qemu static, chipsec SPI dumps, firmware flashing/dumping) that modify host state and require elevated access, so it encourages actions that can compromise the machine.