hunting-for-domain-fronting-c2-traffic

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill ingests untrusted proxy logs and (per SKILL.md and scripts/agent.py) can connect to arbitrary hostnames to fetch and parse TLS certificates via the get_tls_certificate_info/--check-certs flow, and those external values are parsed and used to score/flag domain-fronting, so third-party content can materially influence decisions.