mitm-find-bizlogic

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill requires reading mitmproxy logs and embedding request/response "evidence" (and example headers/cookies) verbatim, which can include API keys, tokens, cookies or passwords and thus forces secret values into the agent's output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires analyzing a mitmproxy capture file (log.txt produced by mitmdump), which ingests arbitrary third-party network traffic (public websites/APIs) that the agent must read and interpret to drive testing actions and curl requests, so it can be influenced by untrusted external content.