firmware-analyst

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs fetching firmware from public third-party sources (e.g., "wget http://vendor.com/firmware/update.bin" and via device HTTP/FTP/TFTP web interfaces) and requires the agent to read and analyze those externally sourced firmware binaries, exposing it to untrusted third-party content that could contain embedded malicious instructions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill includes explicit privileged actions that modify host state—e.g., dd from /dev/mtd0, copying binaries into extracted rootfs, and explicit sudo chroot commands—so it directs the agent to perform elevated, system-changing operations.