mitm-find-insecure
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses 'log.txt' in the local directory. This file contains raw network traffic which potentially includes sensitive session tokens, cookies, and HTTP headers. This access is inherent to the skill's purpose of identifying security misconfigurations in web traffic.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from network logs. An attacker could embed instructions in HTTP responses that the agent might follow while performing its analysis. * Ingestion points: log.txt * Boundary markers: Absent; the agent is not provided with delimiters to separate log data from instructions. * Capability inventory: File system read access to analyze the logs. * Sanitization: Absent; the skill does not define methods to filter or escape instructions embedded in the logs.
- [COMMAND_EXECUTION]: The skill documentation includes a command to capture traffic using 'mitmdump'. While provided for user guidance, an agent with shell execution capabilities might execute this to generate the necessary log file.
Audit Metadata