The Agent Skills Directory

[COMMAND_EXECUTION] (HIGH): The skill relies on root-level execution via sudo for nearly all operations, including system configuration changes (sysctl) and running network tools like ettercap and tcpdump as described in README.md and references/ettercap_usage.md.
[DATA_EXFILTRATION] (HIGH): Multiple Python scripts (modbus_sniffer.py, iec104_sniffer.py, dnp3_sniffer.py) are designed to intercept and expose raw network traffic from industrial protocols, which typically contains sensitive operational data and control logic.
[Indirect Prompt Injection] (HIGH): The skill creates a high-risk attack surface for indirect injection by ingesting untrusted network data with high-privilege capabilities.
Ingestion points: Raw network traffic captured via the sniff() function in scapy_scripts/modbus_sniffer.py, scapy_scripts/iec104_sniffer.py, and scapy_scripts/dnp3_sniffer.py.
Boundary markers: Absent. The scripts process raw protocol bytes directly into the console/agent context without delimiters.
Capability inventory: Root-level packet injection (send()), system networking modification (sysctl), and arbitrary packet construction (iec104_inject.py, modbus_inject.py).
Sanitization: None. Raw protocol payloads are parsed and printed without escaping or validation, allowing malicious network traffic to potentially influence agent reasoning.
[Privilege Escalation] (HIGH): The skill explicitly instructs the agent to enable IP forwarding (net.ipv4.ip_forward=1) and execute scripts using sudo, granting the agent full control over the host's network stack.

ics-traffic