implementing-ot-network-traffic-analysis-with-nozomi

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs shell command execution through subprocess.run in scripts/agent.py to invoke curl. This command specifically uses the -k flag to disable SSL/TLS certificate verification. Similarly, the NozomiGuardianManager class in SKILL.md defaults to disabling SSL verification (verify_ssl=False), exposing communications to potential man-in-the-middle attacks.
  • [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection due to its handling of untrusted data from the Nozomi Guardian API.
    • Ingestion points: The skill retrieves alert descriptions, asset inventory labels, and network session details via API endpoints in scripts/agent.py and SKILL.md.
    • Boundary markers: Absent. No delimiters or instructions are provided to the agent to treat external data as untrusted.
    • Capability inventory: The skill can execute shell commands (via subprocess) and perform outbound network requests.
    • Sanitization: Absent. The retrieved data is processed and printed to standard output without any filtering, validation, or escaping of potentially malicious content.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 11:33 PM