mitm-find-otp

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to analyze mitmproxy logs and report "Evidence" of OTPs and verification flows, which can require outputting OTP values or other sensitive tokens verbatim from log.txt, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly requires and analyzes a mitmproxy dump file ("log.txt" produced by mitmdump) containing intercepted responses from arbitrary public websites/APIs, so the agent will read and act on untrusted third‑party content from that log.