forensics-team
Fail
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- [PROMPT_INJECTION]: Hidden zero-width characters detected in the main header of SKILL.md. A sequence of over 180 invisible characters (U+200B, U+200C, U+200D) is embedded after the title "Ultimate Forensics Team Style Guide". Initial decoding reveals binary data starting with the string "SK1L". This obfuscation technique is designed to hide content from plain-text inspection and can be used to bypass safety filters or provide hidden instructions to the agent.
- [PROMPT_INJECTION]: Vulnerability to Indirect Prompt Injection due to untrusted data ingestion.
  - Ingestion points: Raw PCAP snippets and large (50GB) packet captures are processed directly (SKILL.md).
  - Boundary markers: Absent; there are no delimiters or instructions for the agent to ignore instructions embedded within the analyzed data.
  - Capability inventory: The skill uses network tools (tcpdump), decoding utilities (base64), and text processing (awk, cut) which provide significant capability to an attacker (SKILL.md).
  - Sanitization: Absent; the agent is instructed to reconstruct exact sequences from hex/ASCII packet data, providing a direct path for embedded malicious payloads to influence agent behavior.
- [COMMAND_EXECUTION]: The skill provides examples of decoding Base64 strings from packet payloads and interpreting them as system commands (e.g., "cmd.exe /c whoami"). This establishes a pattern of behavior where the agent might be coerced into executing malicious code found in network traffic under the guise of forensic verification.
- [DATA_EXFILTRATION]: The "Detailed Attribution" principle encourages the agent to look up ASN, geographic, and registrar history for external IP addresses. This involves performing network requests to non-whitelisted third-party services, which can be leveraged to exfiltrate analyzed data if the agent is directed to an attacker-controlled endpoint or attribution service.
Recommendations
- AI detected serious security threats