zapret-openwrt-guide

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflows explicitly fetch and ingest public third-party content (e.g., update-pkg.sh downloads release metadata and ZIP archives from GitHub: https://raw.githubusercontent.com/.../gh-pages/releases/ and dwc.sh downloads test sets from hyperion-cs.github.io/dpi-checkers), and those downloaded artifacts are parsed and used to drive decisions (update/install actions, diagnostic conclusions and strategy selection) — i.e., untrusted external content can materially influence tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's updater (update-pkg.sh) explicitly fetches release metadata from https://raw.githubusercontent.com/remittor/zapret-openwrt/gh-pages/releases/ and can download/install ZIP archives at runtime, which causes remote code/artifacts to be executed/installed and therefore is a runtime external dependency that controls execution.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill gives detailed, actionable instructions for modifying system-level configs, init/service scripts, custom.d hooks, and updating packages on the router—operations that change machine state and require root privileges.