podkop-openwrt-guide

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's operations docs explicitly instruct fetching and executing public content from raw.githubusercontent.com (see references/operations.md: `sh <(wget -O
• https://raw.githubusercontent.com/.../install.sh)` and the migration wget -O /etc/config/podkop https://raw.githubusercontent.com/.../podkop/files/etc/config/podkop), meaning it ingests untrusted, user-visible third‑party content that the agent is expected to act on and that can materially change tool use or decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill includes a runtime installation command that fetches and executes remote code (sh <(wget -O
• https://raw.githubusercontent.com/itdoginfo/podkop/refs/heads/main/install.sh)), which directly runs remote content during installation and is presented as the upstream install/update mechanism.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly guides installing/updating Podkop on a live OpenWrt router and modifying system-level files and services (e.g., /etc/config/podkop, dnsmasq, nft rules) and running install scripts, which change the machine state and require root privileges.