mitm-subdomains
Warn
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for the user or agent to execute the mitmdump utility to capture network traffic into a local file (log.txt).
- [CREDENTIALS_UNSAFE]: The skill's primary function is to analyze traffic logs (log.txt) which typically contain plaintext credentials, including session cookies and Authorization headers. Processing this file exposes sensitive secrets to the agent's context.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It ingests untrusted data from network traffic logs (log.txt) without implementing boundary markers or sanitization. This creates an attack surface where an attacker can embed instructions in HTTP headers or content that the agent might execute or follow during analysis.
  - Ingestion points: log.txt
  - Boundary markers: None
  - Capability inventory: Shell execution (mitmdump)
  - Sanitization: None