skills/mukul975/anthropic-cybersecurity-skills/performing-packet-injection-attack/Gen Agent Trust Hub
performing-packet-injection-attack
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation includes examples of using sudo with tools like hping3 and iptables. Elevated privileges are typically required for raw socket access and modifying network configurations during security testing.
  - Evidence: sudo hping3 -S -p 80 --rst -c 5 10.10.20.10 (SKILL.md)
  - Evidence: sudo iptables -L -n -v | grep -i drop (SKILL.md)
- [PROMPT_INJECTION]: The skill contains a packet sniffing function that processes untrusted network data to perform TCP RST injection. While this is a functional security testing technique, it represents an ingestion point for external data.
  - Ingestion points: The sniff() function in SKILL.md (Step 3) and scripts/agent.py captures traffic from the network interface.
  - Boundary markers: The script does not use specific delimiters to isolate captured packet data.
  - Capability inventory: The skill has the capability to inject crafted packets back into the network using send() and sr1().
  - Sanitization: Captured packet headers (src/dst IP, ports, sequence numbers) are used directly to craft response packets without additional validation.
- [SAFE]: The primary logic is implemented using the Scapy library, which is a standard and well-regarded tool for network packet manipulation.
- [SAFE]: No evidence of data exfiltration, credential harvesting, or unauthorized remote code execution was found. The skill targets internal network ranges for testing purposes.