network-engineer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to ingest and analyze untrusted data from external sources such as DNS records, HTTP headers via curl, and packet captures via tcpdump. This is a primary vector for indirect prompt injection where an attacker can embed instructions in network responses to manipulate the agent.
- Ingestion points: Diagnostic command outputs from ping, telnet, curl, DNS queries, and packet captures.
- Boundary markers: None present; the skill lacks delimiters or instructions to treat external data as untrusted.
- Capability inventory: The skill has the capability to execute system-level network diagnostics and interact with remote hosts.
- Sanitization: No evidence of output sanitization or validation.
- [Command Execution] (MEDIUM): The skill explicitly instructs the agent to use low-level diagnostic tools like tcpdump and wireshark, which often require elevated (sudo) privileges and provide deep visibility into the host's network environment, increasing the risk of privilege abuse.
Recommendations
- AI detected serious security threats
Audit Metadata