mitm-find-enumerable
Warn
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill contains pre-written bash scripts that use loops and curl to perform bulk network requests, facilitating automated interaction with target endpoints.
- [DATA_EXFILTRATION]: The logic focuses on mass data collection and scraping from enumerable endpoints, providing the means to automate large-scale data extraction.
- [CREDENTIALS_UNSAFE]: The skill instructs the agent to analyze 'log.txt' files created by mitmproxy. These logs typically contain sensitive information, including session cookies, authorization headers, and other authentication credentials captured from live network traffic.
- [PROMPT_INJECTION]: The skill ingests unvetted data from 'log.txt', which contains raw network traffic. This creates a surface for indirect prompt injection where malicious content from an external website could influence the agent's behavior.
- Ingestion points: log.txt (mitmproxy dump file)
- Boundary markers: None specified to separate traffic data from instructions
- Capability inventory: Shell access for curl loops and file system read access
- Sanitization: No evidence of validation or filtering for the ingested log content
Audit Metadata