decompose

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly instructs the agent to fetch and ingest content from open/public third-party sources (e.g., Phase 2 "Community recon" — search GitHub, Postman workspaces, Wayback; probing Live spec paths like /openapi.json; Phase 3 "Capture" — save HAR from web pages; references/local-network.md — download companion apps and firmware), so the agent will read untrusted, user-generated or public web content that can materially change its actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly instructs network- and system-level operations that modify host/device state or security (ARP-spoofing, setting up hostapd/AP, installing/trusting mitmproxy CA, using bettercap, low-level packet capture), actions that typically require elevated privileges and change the machine's security posture.