I had a similar instance with the Spectrum App.
I would recommend going to the Cortex XDR tenant and finding this specific incident. Locate the WildFire information and identify the action/behavior that triggered that verdict.
In the case of the Spectrum mobile app, I downloaded the WildFire report from Cortex XDR and found out that this app was trying to contact a fishy URL. The URL had no information and was potentially malicious (VirusTotal was inconclusive, I think; can't remember). It could have been just a brand-new domain, which could also trigger URL filtering to flag it as malicious.
Example of another similar incident:
Cyberforce Commander.