sniff
Fail
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill interpolates the user-provided `$ARGUMENTS` directly into shell commands, such as `bash scripts/tshark/capture-http-credentials.sh $ARGUMENTS` and `tshark -i $ARGUMENTS`. Because these arguments are not sanitized or validated, an attacker can provide input like 'eth0; rm -rf /' to execute arbitrary commands on the host system.
- [COMMAND_EXECUTION]: The documentation explicitly instructs the agent to suggest using `sudo` or running commands as root if permissions are denied. This facilitates privilege escalation, allowing the skill and any injected commands to run with the highest possible system permissions.
- [CREDENTIALS_UNSAFE]: The skill is specifically designed to harvest sensitive data, including HTTP authentication headers, passwords transmitted in POST data, and session cookies. While this is the stated purpose, the automation of credential exposure represents a significant security risk.
- [PROMPT_INJECTION]: The skill is highly susceptible to indirect prompt injection because it instructs the agent to analyze raw, untrusted network traffic (DNS queries, HTTP headers). An attacker on the network could send specially crafted packets containing malicious instructions intended to subvert the agent's logic when it 'reviews' the capture output.
  - Ingestion points: Network traffic captured via `tshark` (File: SKILL.md).
  - Boundary markers: None identified; output is reviewed directly.
  - Capability inventory: Shell command execution via `bash` and `tshark`, file system writes to `/tmp/extracted/` (File: SKILL.md).
  - Sanitization: No sanitization or escaping is performed on the captured data before analysis.
- [EXTERNAL_DOWNLOADS]: The skill references and executes multiple external shell scripts (e.g., `scripts/tshark/analyze-dns-queries.sh`) that are not part of the provided file set. Executing unverified external scripts via `bash` poses a major risk as the content and source of these scripts are unknown.
Recommendations
- AI detected serious security threats