The Agent Skills Directory

[COMMAND_EXECUTION]: The skill instructs the user or agent to use sudo for installing system packages like wireshark, tshark, and mono-complete in SKILL.md. This involves privilege escalation to configure the analysis environment.
[EXTERNAL_DOWNLOADS]: In SKILL.md, the workflow includes downloading the NetworkMiner analysis tool from Netresec's official website and executing it using the Mono runtime.
[DATA_EXFILTRATION]: The skill contains commands and logic to systematically extract potentially sensitive information from network captures, including plaintext FTP credentials (USER and PASS commands), HTTP Authorization headers, and files transferred over various protocols (HTTP, SMB, FTP). These artifacts are saved to the local file system for further analysis.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted network traffic data (PCAP files) without sufficient isolation or sanitization.
Ingestion points: Network traffic data is ingested via pyshark in scripts/agent.py and via tshark command-line calls in SKILL.md.
Boundary markers: There are no explicit delimiters or instructions to the model to ignore potential commands embedded within the extracted packet payloads.
Capability inventory: The agent has the capability to execute shell commands (tshark, curl), perform network requests (VirusTotal API), and write reports to the file system.
Sanitization: The skill does not perform escaping or validation of packet field values before including them in the final JSON report or displaying them to the user, which could allow malicious data in a PCAP file to influence the LLM's interpretation or subsequent actions.

performing-network-forensics-with-wireshark