analyzing-network-traffic-of-malware

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill ingests and analyzes arbitrary PCAP files containing third-party network traffic (extracting DNS queries, HTTP hosts/URIs, TLS/J A3 fingerprints) as shown in SKILL.md Step 3/Step 6 and in scripts/agent.py (extract_http_c2, detect_dga_domains, detect_dns_tunneling, generate_suricata_signatures), and then uses those untrusted values to generate detection rules and drive decisions—so external content can materially influence agent behavior.