The Agent Skills Directory

[SAFE]: The skill performs legitimate cybersecurity analysis tasks as described in its metadata. All scripts and instructions align with the stated purpose of malware traffic analysis.
[COMMAND_EXECUTION]: The skill utilizes system binaries including tshark, suricata, and capinfos via subprocess calls and shell commands to analyze packet captures. These are standard tools for network forensics.
[EXTERNAL_DOWNLOADS]: References well-known and trusted security tools (Wireshark, Zeek, Suricata, NetworkMiner) and standard Python libraries (scapy, dpkt). No downloads from untrusted or suspicious external sources are present.
[PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface common in data analysis tools. It processes untrusted network traffic data which could theoretically contain malicious instructions.
Ingestion points: Network traffic data is ingested from PCAP files using tshark and scapy in SKILL.md and scripts/agent.py.
Boundary markers: Untrusted packet content is not separated from agent instructions by specific boundary markers or delimiters.
Capability inventory: The skill has the capability to execute system commands (subprocess.run) and write files to the local filesystem.
Sanitization: There is no evidence of sanitization for packet-derived strings (e.g., DNS queries, HTTP URIs) before they are processed by the agent.

analyzing-network-traffic-of-malware