implementing-network-access-control

Fail

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The documentation in SKILL.md contains multiple hardcoded plaintext credentials within configuration examples, including RADIUS shared secrets (R4d1u5_S3cr3t_K3y!), LDAP service account passwords (ServiceAccountPassword123!), and user credentials (UserPassword123). While intended as examples, these present a security risk if adopted in production environments without modification.
  • [CREDENTIALS_UNSAFE]: The scripts/agent.py script accepts sensitive credentials, such as RADIUS secrets and user passwords, as command-line arguments via the --test-auth flag. This practice is insecure because command-line arguments are visible to other users on the system via process monitoring tools and are typically recorded in shell history.
  • [COMMAND_EXECUTION]: The workflow utilizes sudo for administrative tasks, including package installation and writing to system-level configuration files (e.g., /etc/freeradius/3.0/clients.conf). The monitoring script also executes SNMP queries against network infrastructure using community strings.
  • [EXTERNAL_DOWNLOADS]: The skill fetches a GPG signing key and configures a third-party software repository from inverse.ca to install the PacketFence NAC platform.
  • [PROMPT_INJECTION]: The scripts/agent.py script is subject to indirect prompt injection risks due to its log analysis functionality.
    • Ingestion points: The parse_radius_log function in scripts/agent.py reads a log file path provided by the user.
    • Boundary markers: No delimiters or safety instructions are used to separate log data from control logic during parsing.
    • Capability inventory: The script executes authentication tests via pyrad, performs SNMP walks using pysnmp, and generates reports.
    • Sanitization: Log entries are parsed based on keyword matches (e.g., 'Auth:', 'Login') without sanitization of the input file content.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 19, 2026, 07:17 PM