network-forensics

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides numerous examples for executing system utilities for network analysis. This includes using tcpdump for packet capture and tshark for deep packet inspection. Notably, the provided tcpdump command uses the -Z root flag, which prevents the process from dropping privileges after opening the capture interface, increasing potential exposure if a vulnerability in the packet parser is exploited.
  • [DATA_EXFILTRATION]: Includes commands designed to identify and extract sensitive information from network traffic, such as searching for cleartext credentials (pass, user, login, auth) and extracting files from HTTP streams. These capabilities are intended for forensic investigation of potential data breaches.
  • [PROMPT_INJECTION]: The skill demonstrates an indirect injection surface through the processing of untrusted data.
      ◦ Ingestion points: PCAP capture files processed by tools like tshark, tcpdump, and Zeek (SKILL.md).
      ◦ Boundary markers: None present to differentiate between packet data and instructions.
      ◦ Capability inventory: Execution of powerful command-line parsers and network monitors across all scripts.
      ◦ Sanitization: No sanitization or escaping of packet content is performed before processing or display.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 13, 2026, 11:03 PM