implementing-network-deception-with-honeypots

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/agent.py executes the opencanaryd command using subprocess.run to start the honeypot service and verify its status. These calls use argument lists rather than shell execution, which is a secure implementation pattern.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it parses honeypot logs containing data directly provided by external attackers (such as usernames and passwords used in login attempts) and includes this data in an analysis report. If an agent processes this report without strict sanitization, the attacker-controlled strings could influence its behavior.
    • Ingestion points: Interaction data is read from /var/tmp/opencanary.log in scripts/agent.py.
    • Boundary markers: The parsed log data is not wrapped in protective delimiters or accompanied by instructions for the AI to ignore embedded commands.
    • Capability inventory: The script can execute system commands (opencanaryd) and write to the filesystem (/etc/opencanaryd/).
    • Sanitization: The script performs no sanitization or escaping of the attacker-controlled strings extracted from the JSON logs before adding them to the final report.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 11:33 PM