Swagger Codegen Orchestrator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly states the orchestrator "reads OpenAPI specs from local files, URLs, or directly from Swagger Hub via the SwaggerHub API," meaning it fetches and parses untrusted public OpenAPI documents (user-provided URLs/SwaggerHub content) which are then used to drive code-generation decisions and tool actions, so those third-party specs could inject instructions that materially influence behavior.