firmware-analyst

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs downloading firmware from a public vendor URL (e.g., "wget http://vendor.com/firmware/update.bin") and then using binwalk/strings/extraction and emulation steps that require the agent to read and act on untrusted third‑party firmware content which could embed instructions influencing subsequent tool use.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill includes explicit privileged operations (sudo chroot, apt install, copying binaries into rootfs, dd from /dev/mtd0, device access) that require root and can modify or compromise the host system state.