wireshark-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 3 "Follow > TCP/HTTP Stream" steps and Phase 5 guidance to "Follow HTTP Stream" and "File > Export Objects > HTTP" (and opening PCAP files) require the agent to read and extract arbitrary HTTP/web content and DNS traffic captured from public/untrusted sites or user traffic, which the agent is expected to interpret as part of its analysis and could materially influence its actions.