caido-mode

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs passing/storing PATs and tokens (examples show CLI args and env vars) and exporting full curl commands that preserve auth headers/cookies, which requires the LLM to handle and potentially emit secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests HTTP history and raw request/response data from a Caido instance via the SDK (see SKILL.md and commands like search/get/get-response/edit/replay in caido-client.ts and lib/commands/*), and the workflow instructs the agent to read those potentially user-generated/untrusted payloads and use them to drive edits and replays, so third-party content can materially influence tool actions.