design-api-spec

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various shell commands to integrate with external tools, including curl for API communication and python3 for parsing JSON results.
  • [COMMAND_EXECUTION]: To retrieve environment variables like the API key, the skill attempts to source shell profiles such as ~/.zshrc or ~/.bashrc. This is a common procedure in development environments to ensure configuration is correctly loaded.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes npx -y http-server, which downloads and executes the http-server utility from the npm registry to host a local preview of the API documentation.
  • [DATA_EXFILTRATION]: The generated OpenAPI specification is sent to an external service at api.ratemyopenapi.com. This transmission is the intended behavior for the skill's core linting and scoring functionality.
  • [COMMAND_EXECUTION]: The skill manages the lifecycle of the local preview server by using lsof and kill to identify and stop the background process after the user has finished reviewing the documentation.
  • [PROMPT_INJECTION]: As the skill ingests and processes multiple user-provided design files, it is subject to indirect prompt injection. Maliciously crafted input could theoretically influence the generated output, though the impact is contained within the API specification design context.
Audit Metadata
Risk Level: SAFE
Analyzed: May 10, 2026, 01:04 AM