fix-openapi-spec
Warn
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the execution of local bash and PowerShell scripts to manage the lifecycle of Docker containers. It explicitly instructs the AI agent to attempt to use environment-specific privilege escalation mechanisms, such as
sudo, if Docker commands fail due to permission errors. - [EXTERNAL_DOWNLOADS]: The included scripts are configured to fetch the
specmatic/enterprise:latestDocker image from the vendor's repository if no local Specmatic image is detected. - [DATA_EXFILTRATION]: The execution logic mounts the user's home directory subdirectory
~/.specmatic(intended for license storage) and the current working directory into the Docker container, potentially exposing local configuration and sensitive project files to the containerized environment. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes external OpenAPI specification files. A malicious specification could contain instructions in field descriptions designed to influence the agent's logic during the analysis cycle.
- Ingestion points: OpenAPI specification files (
SKILL.md). - Boundary markers: No boundary markers or specific delimiters are defined to separate the specification content from the agent's instruction context.
- Capability inventory: The skill executes shell scripts, performs Docker operations, and writes to the local filesystem (logs and updated specifications).
- Sanitization: No sanitization or validation of the specification's natural language fields is performed before the agent processes and acts upon the data.
Audit Metadata