configuring-suricata-for-network-monitoring

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's agent script (scripts/agent.py) explicitly reads and parses Suricata EVE JSON logs from /var/log/suricata/eve.json (network-origin, untrusted/user-generated content) and the workflow/README also invokes suricata-update enabling external rule sources like et/open and ptresearch (public third‑party rule feeds), so the agent ingests open third‑party/user data as part of its normal operations which can influence alerts, rule management, and subsequent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). Yes — the skill explicitly instructs use of sudo to install packages, edit system files under /etc (suricata.yaml, rules), create and enable a systemd service, modify network/iptables and kernel NIC settings (ethtool, ip link), all of which change the system state and require elevated privileges.