oRPC OpenAPI to Contract

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's workflow explicitly instructs using Hey API's orpc plugin to fetch and convert an OpenAPI Specification from a public URL (e.g., input: 'https://get.heyapi.dev/hey-api/backend'), meaning it ingests untrusted third‑party OpenAPI docs that are parsed and used to generate contracts which can materially influence subsequent behavior.