oapi-expert

Fail

Audited by Snyk on Apr 9, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The skill shows and encourages embedding API keys/secrets directly into CLI commands (e.g., oapi profile add --value sk-abc123), which would require the LLM to include secret values verbatim in generated commands and thus poses an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and re-fetches remote OpenAPI specs (e.g., "oapi register --name myapi --remote " and "oapi refresh ") and instructs the agent to run "oapi docs" to read those specs and use the generated examples to drive requests, so untrusted third-party spec content can directly influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches OpenAPI specs at runtime via the oapi register --remote command (e.g. https://api.example.com/openapi.json), and those fetched specs are used to generate docs/examples that directly control the agent's prompts/behavior, so remote content can inject instructions.

Audit Metadata

Risk Level: HIGH
Analyzed: Apr 9, 2026, 10:51 AM
Issues: 3