traffic-analysis-pcap

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to follow TCP streams and export HTTP/SMTP objects (e.g., "Right-click packet → Follow → TCP Stream", "File → Export Objects → HTTP", "tshark --export-objects http", and SMTP attachment extraction), which requires ingesting arbitrary third-party web/email/user-generated content from PCAPs that can influence subsequent analysis and actions.