The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from network traffic payloads.
Ingestion points: The capture_traffic, list_l4_flows, and export_pcap tools ingest arbitrary L7 request/response data (HTTP, gRPC, etc.) from the Kubernetes cluster into the agent's context (SKILL.md).
Boundary markers: There are no explicit instructions or delimiters defined within the skill to differentiate between captured traffic data and administrative instructions.
Capability inventory: The agent has access to kubectl and can export pcap files, potentially allowing for downstream file-system or network operations based on injected content.
Sanitization: The skill does not implement or mandate sanitization of the captured traffic before it is processed by the agent.
[DATA_EXFILTRATION]: The skill facilitates the exposure of sensitive cluster-wide information.
Sensitive Data Access: The skill documentation explicitly states that it can capture full request/response payloads containing PII, credentials, or secrets.
TLS Decryption: It utilizes eBPF-based TLS decryption, which exposes data that would otherwise be encrypted, increasing the impact of any data exposure or exfiltration.
Mitigation: The author includes an 'Important Rules' section advising that sensitive data should be handled carefully, which serves as a notice but does not programmatically prevent exposure.

kubeshark-traffic