tshark

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs extracting and outputting HTTP auth headers, cookies, POST bodies, and FTP passwords from captures, which requires the agent to handle and potentially emit secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads and parses third-party network traffic and pcap files (see "Credential Extraction" and "File Extraction" commands in SKILL.md that extract HTTP POST bodies, auth headers, cookies, and exported HTTP/SMB files), which are untrusted external content the agent is expected to interpret and that could materially influence subsequent actions.