The Agent Skills Directory

[COMMAND_EXECUTION]: The script scripts/agent.py executes external wireless auditing tools including airodump-ng, aircrack-ng, wash, and iwconfig using the subprocess.run() function. It correctly employs argument lists rather than shell strings, which effectively mitigates common shell injection risks associated with external tool invocation.
[PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it ingests untrusted data from the physical wireless environment, such as SSIDs and client probe requests, which are then included in the final report.
Ingestion points: Found in scripts/agent.py within the scan_access_points and detect_client_probes functions where raw 802.11 frames are parsed.
Boundary markers: The script does not implement explicit delimiters or instruction guards when interpolating captured wireless data into the report structure.
Capability inventory: The script possesses capabilities for system command execution (subprocess.run) and network packet injection (scapy.sendp).
Sanitization: Input strings are decoded using UTF-8 with errors ignored, but no specific sanitization for malicious instructions targeting the LLM is present.

conducting-wireless-network-penetration-test