fix-openapi-spec
Fail
Audited by Snyk on May 5, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.80). The skill requires outputting raw spec files and log snippets (including request/response transcripts) and instructs sending original/updated specs and logs. These could contain API keys or tokens verbatim, which creates a risk of secret exfiltration.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's runtime scripts (scripts/run_loop_test.sh and scripts/run_loop_test.ps1, supported by references/run-loop-test-image-selection.md and the SKILL.md Docker Execution Rule) will automatically pull and run the public Docker image "specmatic/enterprise:latest" if no local image exists and then read and act on the container's output as part of loop-test/validation, meaning untrusted third-party image/content can influence the agent's decisions and next actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's runtime scripts will attempt to pull and run the external Docker image specmatic/enterprise:latest (via docker pull specmatic/enterprise:latest), which fetches and executes remote code as a required runtime dependency.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt explicitly instructs the agent to "retry using your environment’s built-in privilege escalation mechanism" for Docker permission failures, which directs the agent to obtain elevated (sudo-like) privileges and thus risks compromising the host state.