mitm-list-apis

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill asks the agent to extract request/response fields from a mitmproxy log (including query/body params and response fields) without instructing redaction, so it can require copying secret tokens, API keys, cookies or passwords verbatim from the capture into the output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads and analyzes a mitmproxy traffic dump file ("log.txt" in the current directory) containing captured HTTP traffic from external websites/apps, meaning it consumes untrusted third‑party content (network responses) and uses that content to extract endpoints and drive analysis/actions as described in SKILL.md.