packet-analysis
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes an external Python script identified by the environment variable '$PACKET_BUDDY_MCP_SCRIPT' using a wrapper. This execution pattern relies on externally defined paths and executes commands in the local environment.
- [DATA_EXFILTRATION]: The skill is designed to extract sensitive metadata from network captures, including DNS queries, HTTP URIs, hosts, and full packet decodes. While no external network exfiltration is explicitly programmed in the instructions, the analysis of PCAP files inherently involves accessing and exposing potentially sensitive internal network data and credentials.
- [EXTERNAL_DOWNLOADS]: The workflow involves downloading file attachments from Slack and saving them to the local filesystem using the 'save_pcap_from_base64' tool. This facilitates the introduction of untrusted data into the system.
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection. It ingests untrusted data from network packet captures (ingestion point: SKILL.md tools like pcap_dns_queries, pcap_http_requests) and processes it. There are no boundary markers or sanitization steps mentioned to prevent the agent from interpreting malicious instructions embedded within the packet payloads. The skill possesses capabilities to write files and execute commands (inventory: python3 execution via $MCP_CALL), creating a path for downstream exploitation.
Audit Metadata