offensive-bluetooth-ble
Fail
Audited by Snyk on May 8, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The content is explicit offensive guidance (pairing downgrade, MITM/relay, key extraction, unauthenticated characteristic writes and companion-app reverse-engineering) intended to enable unauthorized access, credential/key theft, and remote control of devices (locks, cars, medical devices), so it is deliberately malicious and high risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs fetching and inspecting untrusted third-party content (e.g., "git clone https://github.com/Charmve/btproxy" and "adb pull … base.apk" followed by decompiling/grepping the app_src), meaning the agent workflow requires reading and interpreting public/vendor-generated code and app strings that can materially influence subsequent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill contains an explicit runtime fetch-and-execute instruction—"git clone https://github.com/Charmve/btproxy" followed by "sudo python btproxy.py"—which downloads remote code and runs it, meaning this URL is used at runtime to execute external code.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.90). The prompt explicitly instructs running multiple privileged commands (e.g., "sudo" for bettercap, Sniffle, btproxy) and cloning/running network/relay/sniffing tools that require root, thereby directing the agent to execute actions with elevated privileges on the host.
Issues (4)
- CRITICAL E006: Malicious code pattern detected in skill scripts.
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- MEDIUM W013: Attempt to modify system services in skill instructions.
Audit Metadata