The Agent Skills Directory

[COMMAND_EXECUTION]: The scripts/agent.py script executes the tshark utility using subprocess.run(). Several functions build command arguments using string formatting. Although shlex.split() is applied to the arguments, the lack of strict validation for parameters like display_filter, conv_type, or output_dir creates a surface for argument injection. This could be leveraged to execute unauthorized tshark operations, such as loading malicious Lua scripts via the -X flag. \n- [DATA_EXFILTRATION]: The skill enables the extraction of sensitive network data. SKILL.md and scripts/agent.py describe procedures for harvesting cleartext credentials (e.g., FTP/HTTP auth) and exporting objects (files) from protocols like HTTP and SMB. This capability could be abused for data theft if the agent is compromised. \n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes packet captures (PCAPs) from untrusted external sources. Malicious packets could contain text designed to influence the agent's analysis reports or subsequent logic. \n
Ingestion points: PCAP files are read using tshark -r in scripts/agent.py. \n
Boundary markers: No markers are used to distinguish between extracted packet data and analysis instructions. \n
Capability inventory: The agent has the ability to execute commands and perform file system operations. \n
Sanitization: No content-level sanitization is performed on data extracted from network packets before it is processed by the agent.

analyzing-network-traffic-with-wireshark