traffic-analysis-pcap
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill defines a large set of shell commands for analyzing and repairing network capture files. These include 'pcapfix' for file repair, 'editcap' and 'mergecap' for file manipulation, and 'tshark' for extensive packet analysis and data extraction.
- [EXTERNAL_DOWNLOADS]: Includes instructions to install 'networkminer' via the system package manager ('sudo apt install networkminer'). This is a standard procedure for setting up the forensic environment required by the skill.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and process external data from network captures, which could contain adversarial content.
  - Ingestion points: 'SKILL.md' (processed via tools like 'tshark' and 'Wireshark' on external PCAP files).
  - Boundary markers: Absent; there are no specific delimiters or instructions provided to treat content within the PCAP files as untrusted.
  - Capability inventory: Includes 'tshark', 'pcapfix', 'editcap', 'binwalk', and 'foremost' as referenced across 'SKILL.md' for file processing and extraction.
  - Sanitization: The skill does not include steps for sanitizing or validating the contents of processed network captures.
Audit Metadata