caido-mode

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs preserving auth headers from captured requests and exporting ready-to-use curl commands (and shows CLI usage that takes a PAT on the command line and stores tokens), which requires embedding secret tokens/PATs verbatim in outputs—creating a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's CLI and SKILL.md explicitly instruct Claude to search and fetch raw HTTP history and responses from a Caido instance (e.g., client.request.list()/client.request.get in lib/commands/requests.ts and the "search/get/get-response/edit/replay" commands), which ingests arbitrary HTTP request/response bodies from third-party sites that the agent reads and then uses to decide edits/replays—so untrusted, user-generated web content can materially influence actions.