firmware-analyst

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly instructs fetching firmware from a public vendor URL (e.g., "wget http://vendor.com/firmware/update.bin") and mentions ingesting HTTP/FTP content from device web interfaces, so the agent will download and parse open third-party/public web content as part of its workflow.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill contains explicit privileged operations (sudo chroot, apt install, dd from /dev/mtd0, copying system binaries) that instruct the agent to perform system-level changes and run code with elevated privileges, which can modify or compromise the host state if executed.