tcpdump
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: Provides templates for tcpdump commands which require administrative privileges (sudo) to access network interfaces.
- [COMMAND_EXECUTION]: Includes a method for remote network capture using an SSH pipe to transfer packet data from a remote server to a local analysis tool.
- [EXTERNAL_DOWNLOADS]: References official project documentation and reputable community guides from well-known sources like tcpdump.org, wireshark.org, Red Hat, Ubuntu, and Arch Linux.
- [PROMPT_INJECTION]: Identifies a surface for indirect prompt injection where malicious instructions could be embedded in network traffic (e.g., HTTP headers or DNS responses) captured by the tool.
- Ingestion points: Network traffic captured by tcpdump (stdout or .pcap files).
- Boundary markers: Not explicitly defined in the skill templates.
- Capability inventory: The skill documentation focuses on subprocess execution of tcpdump.
- Sanitization: No sanitization of packet content is provided in the example commands.
Audit Metadata