The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes network capture files (.pcap/.pcapng) which contain untrusted data from external network traffic. Malicious instructions could be embedded within packet payloads (e.g., HTTP requests, DNS queries) to influence the agent's behavior during analysis. The ingestion points include files retrieved via 'save_pcap_from_base64' or 'list_pcaps', and the skill lacks explicit boundary markers or sanitization steps to protect against such embedded instructions.
[COMMAND_EXECUTION]: The invocation method for tools uses a shell-like command structure: 'python3 $MCP_CALL "python3 -u $PACKET_BUDDY_MCP_SCRIPT" <tool_name> '<json_args>''. This pattern is potentially vulnerable to command injection if the user-controlled 'json_args' or 'tool_name' are not strictly escaped or validated before being executed by the host shell.
[EXTERNAL_DOWNLOADS]: The skill includes functionality to save data from external sources, specifically Slack file uploads, using the 'save_pcap_from_base64' tool. This involves writing potentially untrusted binary data from an external environment to the local filesystem (defaulting to /tmp/netclaw-pcaps).

packet-analysis