analyzing-network-traffic-for-incidents

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill ingests network captures that may contain arbitrary public web content (SKILL.md Step 5: "URLs accessed via HTTP/HTTPS", and scripts/agent.py's extract_http_objects which uses "tshark --export-objects" to extract HTTP objects from PCAPs), and those extracted untrusted third‑party artifacts (URLs, HTTP objects, certificates, user‑agents) are parsed and used to identify C2/exfiltration and drive analysis decisions, so external content can materially influence the agent's actions.