API Contract Sync Manager
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Uses RunTerminalCmd to execute shell commands for API validation, comparison, and code generation tasks as part of its core synchronization features (SKILL.md).
- [EXTERNAL_DOWNLOADS]: Recommends running third-party validation tools via npx, such as @stoplight/spectral-cli and graphql-inspector, which results in downloading and executing code from the npm registry (SKILL.md).
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection because it reads and processes external API specification files (.yaml, .json, .graphql), which could contain malicious instructions.
  - Ingestion points: Reads spec files using the Read tool.
  - Boundary markers: No explicit delimiters or safety instructions are defined to separate untrusted data.
  - Capability inventory: Access to RunTerminalCmd, Read, Grep, and Glob tools provides a functional surface for exploited instructions.
  - Sanitization: No sanitization or validation of the specification content is mentioned prior to analysis.