The Agent Skills Directory

[COMMAND_EXECUTION]: The file scripts/agent.py implements PCAP processing by invoking the zeek binary through subprocess.run. The command is constructed as a list of strings without the use of shell=True, which effectively mitigates common shell injection risks associated with user-supplied file paths or directory names.\n- [EXTERNAL_DOWNLOADS]: The SKILL.md file contains instructions for adding the Zeek repository and installing the software from the openSUSE build service and Ubuntu package manager. These are standard and trusted distribution channels for the tools described in the skill.\n- [PROMPT_INJECTION]: The skill has a vulnerability surface for indirect prompt injection because it ingests data from untrusted network connections and maintains system capabilities.\n
Ingestion points: The agent in scripts/agent.py reads and parses TSV log files generated from network traffic, which includes attacker-influenced fields like DNS queries, HTTP URIs, and User-Agents.\n
Boundary markers: The output returned by the agent is structured as JSON but does not incorporate explicit boundary markers or instructions that would prevent a language model from interpreting embedded directives as its own instructions.\n
Capability inventory: The scripts/agent.py script includes functional code to execute system commands via the subprocess module to process PCAP files.\n
Sanitization: The log parser in scripts/agent.py uses Path.read_text(errors='replace') for basic character encoding robustness but lacks specific sanitization or filtering logic to neutralize malicious instructions embedded in network metadata.

performing-network-traffic-analysis-with-zeek