The Agent Skills Directory

[PROMPT_INJECTION]: The skill processes untrusted external data from packet captures (PCAP) and system logs using the scripts/agent.py script. Because the script does not sanitize the IP or MAC address strings extracted from these sources before including them in its output, it is vulnerable to indirect prompt injection. An attacker could craft network packets with instructions in address fields that might be interpreted by an agent as commands when reviewing the audit findings.
[COMMAND_EXECUTION]: The script and documentation involve the execution of system commands like arp -a and tcpdump to monitor network state. These commands are executed via safe subprocess calls with fixed argument lists, minimizing the risk of command injection.
[EXTERNAL_DOWNLOADS]: The skill instructions and scripts rely on the installation of the scapy library and the arpwatch utility. These are well-known security tools downloaded from official and trusted repositories (PyPI and system package managers).

detecting-arp-poisoning-in-network-traffic