tshark

Warn

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes system commands and local bash scripts to monitor network interfaces and process packet captures.
  • [CREDENTIALS_UNSAFE]: The tool includes predefined filters and patterns to specifically target and extract sensitive credentials, including HTTP Basic Authentication headers, POST request bodies, session cookies, and FTP login information.
  • [DATA_EXFILTRATION]: Live capture on network interfaces (e.g., eth0, en0) allows the agent to monitor and potentially expose sensitive communications occurring on the host system.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through malicious payloads in processed packet captures. Ingestion points: packet captures loaded via the -r flag. Boundary markers: Absent. Capability inventory: subprocess execution of tshark and shell scripts. Sanitization: Absent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 7, 2026, 12:16 PM