generating-api-sdks
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
PROMPT_INJECTION
COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection vulnerability. The skill processes external OpenAPI specifications which could contain malicious instructions embedded within metadata fields like description, summary, or operationId.
  * Ingestion points: The skill reads external OpenAPI specification files (YAML/JSON) using the Read tool in SKILL.md.
  * Boundary markers: No specific instructions or delimiters are provided to the agent to ensure it ignores natural language instructions that might be maliciously placed within the input specification.
  * Capability inventory: The agent utilizes Write, Edit, and Bash tools to generate files and potentially execute tests, which creates a path for malicious instructions to influence the environment.
  * Sanitization: The skill lacks explicit sanitization or validation of the input specification content before it is interpolated into generated source code and documentation.
- [COMMAND_EXECUTION]: Dynamic script generation and execution risk. The skill is designed to generate complex client SDKs and test suites across multiple languages (TypeScript, Python, Go, Java) based on the content of the provided OpenAPI specification. While the Bash tool usage is scoped to the api:sdk-* namespace, the process of generating and then potentially running code based on untrusted schemas represents a low-level execution risk.
Audit Metadata