analyzing-network-traffic-with-wireshark

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The workflow explicitly includes locating "cleartext credential transmission", extracting decoded exfiltrated content and exported objects for reporting, which can require the agent to output recovered secrets (passwords, tokens, or copied credentials) verbatim in reports.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly ingests and parses untrusted third-party web content from packet captures (see SKILL.md and scripts/agent.py: commands like "tshark -r ... -Y 'http.request' ...", "--export-objects http,/tmp/http_objects/", and "Extract all URLs accessed" / follow-stream steps) so arbitrary HTTP payloads, files, and URLs captured from the open web can be read and used to drive analysis and decisions.