implementing-network-traffic-analysis-with-arkime

Warn

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The agent script explicitly disables SSL certificate verification when communicating with the Arkime API. This allows for Man-in-the-Middle (MitM) attacks where an attacker could intercept the Digest authentication credentials or the network traffic data being analyzed.
      • Evidence: In scripts/agent.py, the arkime_request function sets verify=False in the requests.get call.
  • [COMMAND_EXECUTION]: The skill design requires passing sensitive credentials such as passwords as plaintext command-line arguments. This is insecure as CLI arguments are often visible in system process lists and stored in shell history files.
      • Evidence: Both SKILL.md (example command) and scripts/agent.py (argparse setup) use the --password flag for authentication.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes data from an external network source (Arkime API) without sanitization.
      • Ingestion points: API data fetched in scripts/agent.py from /api/sessions, /api/connections, and /api/spiview.
      • Boundary markers: None.
      • Capability inventory: The script writes analysis results to a local file using json.dump.
      • Sanitization: None; data from the API is directly formatted into the report without validation or filtering.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 16, 2026, 03:46 PM