protocol-reverse-engineering

Warn

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill leverages the Bash tool to execute high-privilege network utilities including wireshark, tshark, tcpdump, and mitmproxy. These tools enable full packet capture and real-time monitoring of network interfaces, typically requiring root or administrative privileges.
  • [DATA_EXFILTRATION]: Provides comprehensive procedures for Man-in-the-Middle (MITM) attacks and TLS decryption using mitmproxy --ssl-insecure and the SSLKEYLOGFILE environment variable. These techniques allow for the interception and exposure of sensitive, encrypted network traffic.
  • [COMMAND_EXECUTION]: Includes Python scripts utilizing the scapy library to craft and inject custom network packets (send(pkt)). This capability allows for active protocol manipulation and network-level testing that can be used for unauthorized access if misapplied.
  • [PROMPT_INJECTION]: The 'Memory Protocol' section contains mandatory instructions (Before starting, After completing, ASSUME INTERRUPTION) that direct the agent to maintain state outside the immediate session context. These instructions override standard agent behavior to enforce a specific persistence workflow.
  • [COMMAND_EXECUTION]: The Memory Protocol mandates reading and writing data to specific absolute paths (e.g., C:\dev\projects\agent-studio\.claude\context\memory\learnings.md). This establishes a persistent storage mechanism on the host filesystem for tracking patterns and decisions across multiple sessions.
  • [PROMPT_INJECTION]: The skill is designed to ingest and parse untrusted network traffic data, which serves as a surface for indirect prompt injection.
      • Ingestion points: Network capture files processed via rdpcap and tshark -r in the SKILL.md examples.
      • Boundary markers: None identified; there are no instructions for the agent to ignore or delimit potentially malicious embedded instructions within the captured packet payloads.
      • Capability inventory: Significant capabilities including full Bash tool access, filesystem write access, and network packet injection.
      • Sanitization: No evidence of sanitization or validation of packet content before it is processed or used by the agent logic.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 3, 2026, 02:04 PM