The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes system commands to perform network environment checks.
The script scripts/agent.py calls the system arp -a utility using subprocess.run to inspect the local ARP cache for duplicate IP mappings.
The SKILL.md file provides code snippets that use subprocess.Popen to invoke tcpdump for packet capture and real-time analysis.
[EXTERNAL_DOWNLOADS]: The instructions and scripts reference the use of reputable third-party security software.
The skill documentation recommends installing the scapy Python library for packet manipulation.
It also guides the user through the installation of the arpwatch utility using the standard system package manager (apt).
[PROMPT_INJECTION]: The skill is designed to ingest and process untrusted network data, creating a surface for potential indirect prompt injection.
Ingestion points: The skill reads PCAP files using Scapy and processes the /var/lib/arpwatch/arp.dat log file.
Capability inventory: The agent has the ability to execute network commands and read system-level ARP tables.
Boundary markers: The skill does not use specific delimiters or markers when processing external packet data.
Sanitization: Data ingested from packets is treated as structured network protocol fields and is not used to dynamically construct shell commands or LLM prompts, effectively mitigating the risk of instructions embedded in the network traffic being executed.

detecting-arp-poisoning-in-network-traffic