protocol-reverse-engineering

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The playbook explicitly captures and ingests arbitrary network and HTTP traffic (e.g., mitmproxy usage, Wireshark "Export Objects > HTTP", and tshark -r capture.pcap -Y "http" -T json > http_traffic.json) which can contain untrusted, user-generated third-party content that the agent is expected to read and analyze.