The Agent Skills Directory

[PROMPT_INJECTION]: Indirect Prompt Injection Surface.
Ingestion points: The script in SKILL.md (via rdpcap) and scripts/agent.py (via parse_zeek_dnp3_log) ingest untrusted data from network captures and external log files.
Boundary markers: Absent. The processed data is directly interpolated into findings and printed to the console without delimiters or instructions to the agent to ignore embedded content.
Capability inventory: The tools inventory includes protocol analysis and alerting. No network-write, file-write, or subprocess execution capabilities were found based on the processed data.
Sanitization: No sanitization or escaping of field values (e.g., function names, source IPs, or payload-derived strings) is performed before the data is presented to the agent.
[SAFE]: Metadata Inconsistency.
The SKILL.md metadata lists the author as 'mahipal', while the LICENSE file contains a copyright notice for 'mukul975'. While inconsistent, this does not appear to be an attempt at deceptive impersonation of a trusted vendor.

detecting-dnp3-protocol-anomalies