Is it safe to run tapped traffic directly into an isolated VM?

What is your threat model/what security goals do you want to achieve?

Wireshark had a few vulnerabilities, as is expected with the huge attack surface when parsing many different data formats.

Under the assumption that your SharkTap will not be able to send packets received from the TAP port, this is the most secure setup I could think of, besides additionally converting it to a disposable.