matrix-openapi-skill
Warn
Audited by Snyk on Mar 29, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill explicitly calls Matrix homeserver endpoints (e.g., the Homeserver Base URL https://matrix.org/_matrix/client/v3 shown in SKILL.md and Core Workflow examples like get:/sync, get:/rooms/{roomId}/state, and get:/profile/{userId}), which return untrusted, user-generated content (room messages, state, profiles) that the agent is expected to read/interpret and which can materially influence subsequent actions (e.g., follow-up reads or sends), so it exposes the agent to indirect prompt injection risk.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The skill explicitly requires and invokes the curated OpenAPI schema URL (https://raw.githubusercontent.com/holon-run/uxc/main/skills/matrix-openapi-skill/references/matrix-client-server.openapi.json) at runtime via --schema-url for uxc, meaning fetched JSON will directly define/drive the tool's operation surface (i.e., what calls/parameters the agent can execute) and is treated as a required dependency.
Issues (2)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata