protocol-reverse-engineering
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill contains numerous instructions for executing powerful network capture and analysis tools including wireshark, tshark, tcpdump, and mitmproxy. These tools interact with raw network sockets and often require administrative privileges to operate on system interfaces.
- [PROMPT_INJECTION]: The skill facilitates the processing of untrusted data from network traffic, which creates a surface for indirect prompt injection.
  - Ingestion points: Raw network packets from live interfaces or capture files (capture.pcap) are processed by analysis scripts and tools.
  - Boundary markers: The instructions lack delimiters or safety warnings to prevent the agent from being influenced by instructions embedded within packet payloads.
  - Capability inventory: The skill allows for executing shell commands, writing data to the filesystem (e.g., http_traffic.json), and sending custom network packets using the Scapy library.
  - Sanitization: There is no evidence of sanitization or filtering of network data before it is presented to the agent for analysis.
Audit Metadata