m5-onboard
Warn
Audited by Snyk on May 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). This skill explicitly fetches firmware from the public M5Burner manifest API (fetch_firmware.py) and clones/reads a public GitHub repo for the app bundle (/maker-setup and the buddy/device path used by install_apps.py). The agent inspects those third-party files (e.g., the presence of a root main.py) to decide actions such as which firmware to flash and whether to set the NVS boot_option, so untrusted external content can materially influence tooling and next steps.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill may at runtime clone or download and then execute code from the referenced repository https://github.com/moremas/build-with-claude (via git or GitHub tarball) and may offer to run the Homebrew installer via /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)", both of which fetch remote code that would be executed or used as required runtime dependencies.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.90). The prompt explicitly instructs the agent to install system packages and modify system state (e.g., run sudo apt-get to install Python, run sudo usermod -aG dialout, and suggests running commands with sudo), which requires elevated privileges and changes the host machine configuration.
Issues (3)
W011 MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012 MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
W013 MEDIUM: Attempt to modify system services in skill instructions.
Audit Metadata