mitm-find-insecure

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt asks the agent to read mitmproxy logs and report "Current Value" for findings (headers, cookies, params), which can contain API keys, bearer tokens, or passwords and therefore requires outputting secrets verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill requires and analyzes a mitmproxy capture file (log.txt) produced from arbitrary network traffic (per the SKILL.md "Requires: log.txt ... mitmdump ..."), so it directly ingests untrusted third-party web content/responses that the agent will read and use to make security decisions.