iot-witness-verify

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (medium risk: 0.65). The required workflow runs an external CLI (@claude-flow/plugin-iot-cognitum@latest) that likely fetches/reads witness-chain data for a specified DEVICE_ID from a remote/public device or service, and that retrieved witness text (e.g., logs/records) would be ingested into the agent’s LLM context for integrity reporting—an outsider-authored free-text source path.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes "npx -y -p @claude-flow/plugin-iot-cognitum@latest cognitum-iot witness verify DEVICE_ID", which fetches and executes an external npm package at runtime (a required dependency), so remote code is executed during skill runtime.