protocol-analysis

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill instructs the agent to read captured request/response headers and bodies (which commonly include tokens/cookies/signatures) and to produce validated replay scripts (e.g., output/api_client.py) that would require embedding those exact auth tokens/signatures verbatim to replay requests, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly instructs the agent to fetch and analyze external network traffic and third-party resources (e.g., traffic_read_body / traffic_list via android_proxy_mcp, get_websocket_messages and search_in_sources via js-reverse-mcp, and pbtk extract https://target.com/bundle.js) so it ingests untrusted public content (requests, WebSocket messages, JS/binary blobs) which can materially influence subsequent analysis and tool actions.