analyzing-network-traffic-for-incidents

Fail

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/agent.py uses subprocess.run(shell=True) with f-string interpolation for the pcap_path variable across multiple functions, including run_tshark, get_pcap_summary, detect_data_exfiltration, and extract_ids_alerts. This allows for arbitrary command execution if an attacker provides a crafted filename containing shell metacharacters (e.g., ;, |, or backticks).
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the processing of untrusted network traffic data.
  • Ingestion points: Network metadata (DNS queries, HTTP objects) extracted from PCAP files in scripts/agent.py and displayed to the agent.
  • Boundary markers: Absent; there are no delimiters or instructions telling the agent to treat extracted network data as untrusted content.
  • Capability inventory: The agent has access to system command execution via agent.py and the tools mentioned in SKILL.md.
  • Sanitization: Absent; the script does not sanitize DNS query names or exported filenames before returning them to the agent context.
  • [EXTERNAL_DOWNLOADS]: The skill references several external network forensic tools including Wireshark, Zeek, Suricata, Arkime, and RITA. While these are well-known security tools, their use on untrusted PCAP files requires users to maintain updated versions to mitigate protocol-level exploitation risks.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 15, 2026, 09:04 AM