wireshark-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly instructs the agent to follow and reconstruct HTTP/TCP streams and to "Follow HTTP Stream" and "File > Export Objects > HTTP" to view and extract web/file content from captured PCAPs, which are arbitrary untrusted third‑party network/web content that the agent is expected to read and use to drive analysis.