The Agent Skills Directory

[COMMAND_EXECUTION]: The management script scripts/agent.py utilizes subprocess.run to execute systemctl and suricatasc to verify the operational status of the IPS and fetch performance counters. These commands use static arguments and are essential for the skill's intended administrative functionality.
[EXTERNAL_DOWNLOADS]: The documentation provides instructions to install Suricata from the official Open Information Security Foundation (OISF) PPA (ppa:oisf/suricata-stable). This is a well-known and trusted distribution source for network security software.
[PROMPT_INJECTION]: The analysis agent (scripts/agent.py) processes logs from /var/log/suricata/eve.json which contain metadata derived from external network traffic. This represents a surface for indirect prompt injection if the output is consumed by an AI agent without sanitization. * Ingestion points: /var/log/suricata/eve.json log entries. * Boundary markers: None present in the script; it parses raw JSON events. * Capability inventory: Subprocess execution for service status and counter dumps. * Sanitization: The script uses standard JSON parsing but does not sanitize string fields (signatures/categories) extracted from the logs.

implementing-network-intrusion-prevention-with-suricata