performing-wifi-password-cracking-with-aircrack

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly captures and cracks WPA/WPA2 passphrases and its report templates and examples show plaintext cracked passwords (e.g., "Welcome2024!", "iot12345"), meaning an agent following it would be expected to output secret passphrases verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill directly ingests untrusted, user-generated wireless data from nearby access points (airodump-ng CSV parsed in scan_networks and used as BSSID/channel values) and then uses those values to drive active tool actions (aireplay-ng deauth, airodump-ng capture, and cracking) as shown in SKILL.md and scripts/agent.py, so third-party network content can materially influence execution.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs the agent to run multiple sudo commands (managing network interfaces, killing processes, starting monitor mode, sending deauth packets, and restarting NetworkManager) which modify system/network state and require elevated privileges, so it pushes the agent to change the machine's state and potentially disrupt it.