mitm-find-sqli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill requires extracting and reporting verbatim requests/responses from the mitmproxy log.txt as "evidence" (including headers/cookies/URLs), which can contain API keys, session tokens, or passwords that the LLM would output directly.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill explicitly provides actionable exploitation techniques and payloads for discovering and exploiting SQL injection vulnerabilities — including data exfiltration (UNION/selects), authentication bypass, destructive commands (DROP TABLE), time-based blind extraction, and WAF-bypass tricks — which enable unauthorized data theft and system compromise.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires a mitmproxy capture file ("log.txt") and its SKILL.md workflow (see "Requires: log.txt" and the "Step 1: Identify Input Points" grep commands) instructs the agent to read and analyze that captured traffic and then craft follow-up requests (curl tests) based on extracted endpoints, so untrusted/public third-party request/response content could materially influence actions.