mitm-find-auth

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs extracting bearer tokens, cookies, session IDs and including request/response "Evidence" and "Test Command" (curl with tokens), which requires the agent to read and reproduce secret values verbatim from log.txt.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires analyzing a mitmproxy dump (log.txt produced by mitmdump) that contains captured HTTP traffic and responses from arbitrary third-party websites, and the agent is instructed to read/interpret that file to drive vulnerability findings and follow-up test actions, so untrusted external content can influence behavior.