climate-generator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill accepts an OpenAPI spec as an HTTP(S) URL to "climate generate <openapi_spec>" and its core workflow explicitly instructs the agent to "follow the generated instructions" from the produced Markdown prompt, meaning untrusted third-party OpenAPI content fetched from arbitrary public URLs can be read and can influence subsequent agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill can fetch an OpenAPI spec at runtime (e.g., https://petstore3.swagger.io/api/v3/openapi.json), and that fetched spec is used to generate CLIs and emit Markdown skill prompts—so remote content directly controls the generated prompts.